spomaleny pc a blue screen of death

[limit]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Filip at 2012-02-09 00:24:05
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (5%) free of 477 GB
Total RAM: 3327 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:24:32, on 9.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\hry\Winamp\winampa.exe
C:\Program Files\ASUS\WLAN Card Utilities\RaUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\hry\Torrent\uTorrent.exe
C:\hry\Kies\Kies\KiesTrayAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hry\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\hry\antispeawer\Spy Emergency\SpyEmergency.exe
C:\Documents and Settings\Filip\Desktop\Skype.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\hry\CoD 2\program\bin\jqs.exe
C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\Filip\Application Data\OCS\SM\SearchAnonymizerHelper.exe
C:\hry\antispeawer\Spy Emergency\SpyEmergencySrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Filip\Desktop\RSIT.exe
C:\Program Files\trend micro\Filip.exe

O1 - Hosts: 90.130.13.126 hottiehangout.com
O1 - Hosts: 90.130.13.126 pornhub.com
O1 - Hosts: 90.130.13.126 porn.com
O1 - Hosts: 90.130.13.126 yobt.com
O1 - Hosts: 90.130.13.126 xnxx.com
O1 - Hosts: 90.130.13.126 keezmovies.com
O1 - Hosts: 90.130.13.126 redtube.com
O1 - Hosts: 90.130.13.126 penisbot.com
O1 - Hosts: 90.130.13.126 pichunter.com
O1 - Hosts: 90.130.13.126 newsfilter.org
O1 - Hosts: 90.130.13.126 spankwire.com
O1 - Hosts: 90.130.13.126 freefuckvidz.com
O1 - Hosts: 90.130.13.126 youporn.com
O1 - Hosts: 90.130.13.126 tube8.com
O1 - Hosts: 90.130.13.126 tnaflix.com
O1 - Hosts: 90.130.13.126 sexbot.com
O1 - Hosts: 90.130.13.126 grayvee.com
O1 - Hosts: 90.130.13.126 porntown.com
O1 - Hosts: 90.130.13.126 deviantclip.com
O1 - Hosts: 90.130.13.126 porn.hu
O1 - Hosts: 90.130.13.126 bustnow.com
O1 - Hosts: 90.130.13.126 wankerhut.com
O1 - Hosts: 90.130.13.126 porn2.com
O1 - Hosts: 90.130.13.126 porno-shack.com
O1 - Hosts: 90.130.13.126 babesdosage.com
O1 - Hosts: 90.130.13.126 xvideos.com
O1 - Hosts: 90.130.13.126 mofosex.com
O1 - Hosts: 90.130.13.126 xhamster.com
O1 - Hosts: 90.130.13.126 shaggit.org
O1 - Hosts: 90.130.13.126 youjizz.com
O1 - Hosts: 90.130.13.126 veqq.com
O1 - Hosts: 90.130.13.126 porncitadel.com
O1 - Hosts: 90.130.13.126 onlybestsex.com
O1 - Hosts: 90.130.13.126 fameporn.com
O1 - Hosts: 90.130.13.126 pornfuze.com
O1 - Hosts: 90.130.13.126 pornmusic.com
O1 - Hosts: 90.130.13.126 pornex.com
O1 - Hosts: 90.130.13.126 pinkworld.com
O1 - Hosts: 90.130.13.126 porntele.com
O1 - Hosts: 90.130.13.126 pussy.org
O1 - Hosts: 90.130.13.126 onetwoporn.com
O1 - Hosts: 90.130.13.126 youramateurporn.com
O1 - Hosts: 90.130.13.126 slutload.com
O1 - Hosts: 90.130.13.126 empflix.com
O1 - Hosts: 90.130.13.126 89.com
O1 - Hosts: 90.130.13.126 csiporn.com
O1 - Hosts: 90.130.13.126 persiankitty.com
O1 - Hosts: 90.130.13.126 brazzers.com
O1 - Hosts: 90.130.13.126 porn.com
O1 - Hosts: 90.130.13.126 rawtube.com
O1 - Hosts: 90.130.13.126 hippotube.com
O1 - Hosts: 90.130.13.126 sticking.com
O1 - Hosts: 90.130.13.126 poguide.com
O1 - Hosts: 90.130.13.126 lettherebeporn.com
O1 - Hosts: 90.130.13.126 ylovesporn.com
O1 - Hosts: 90.130.13.126 indianpornvideos.com
O1 - Hosts: 90.130.13.126 mobile.pornhub.com
O1 - Hosts: 90.130.13.126 rabbitsreviews.com
O1 - Hosts: 90.130.13.126 toppornpictures.com
O1 - Hosts: 90.130.13.126 porntube.com
O1 - Hosts: 90.130.13.126 fooxy.com
O1 - Hosts: 90.130.13.126 brazzersmobile.com
O1 - Hosts: 90.130.13.126 twelvefifteen.net
O1 - Hosts: 90.130.13.126 stairporn.org
O1 - Hosts: 90.130.13.126 content1.se
O1 - Hosts: 90.130.13.126 new.younglegalporn.com
O1 - Hosts: 90.130.13.126 sexforsure.com
O1 - Hosts: 90.130.13.126 evateens.com
O1 - Hosts: 90.130.13.126 orgasm.com
O1 - Hosts: 90.130.13.126 19yoporn.com
O1 - Hosts: 90.130.13.126 specialteenvideos.com
O1 - Hosts: 90.130.13.126 old-man-sex.com
O1 - Hosts: 90.130.13.126 18onlygirls.com
O1 - Hosts: 90.130.13.126 lovevideoworld.com
O1 - Hosts: 90.130.13.126 porn8.com
O1 - Hosts: 90.130.13.126 s7.addthis.com
O1 - Hosts: 90.130.13.126 nastyporngirls.net
O1 - Hosts: 90.130.13.126 mybabes.com
O1 - Hosts: 90.130.13.126 wildmaturemoms.com
O1 - Hosts: 90.130.13.126 freshxxxtube.com
O1 - Hosts: 90.130.13.126 disamicon.com
O1 - Hosts: 90.130.13.126 xxxdessert.com
O1 - Hosts: 90.130.13.126 oldyoungporn.com
O1 - Hosts: 90.130.13.126 verygoodfuck.com
O1 - Hosts: 90.130.13.126 nastyniches.com
O1 - Hosts: 90.130.13.126 isitmymom.com
O1 - Hosts: 90.130.13.126 myxxxgroupsex.com
O1 - Hosts: 90.130.13.126 myxxxcheatingwife.com
O1 - Hosts: 90.130.13.126 nastyworm.com
O1 - Hosts: 90.130.13.126 muffia.com
O1 - Hosts: 90.130.13.126 damplips.com
O1 - Hosts: 90.130.13.126 crocogirls.com
O1 - Hosts: 90.130.13.126 nakedgirlteens.com
O1 - Hosts: 90.130.13.126 kewego.se
O1 - Hosts: 90.130.13.126 teenport.com
O1 - Hosts: 90.130.13.126 morazzia.com
O1 - Hosts: 90.130.13.126 tannedbrunette.com
O1 - Hosts: 90.130.13.126 freehostedpics.com
O1 - Hosts: 90.130.13.126 artnudegalleries.com
O1 - Hosts: 90.130.13.126 promo.averotica.com
O1 - Hosts: 90.130.13.126 averotica.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\hry\CoD 2\program\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\hry\CoD 2\program\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\hry\Winamp\winampa.exe
O4 - HKLM\..\Run: [ASUS_Utility] C:\Program Files\ASUS\WLAN Card Utilities\RaUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Ocs_SM] C:\Documents and Settings\Filip\Application Data\OCS\SM\SearchAnonymizer.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HKLM] C:\Program Files\winupdate\svchost.exe
O4 - HKLM\..\Run: [CTAPR2] "C:\hry\Soundblaster\Sound Blaster Tactic(3D) Control Panel\CTAPR2.exe" /r
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\hry\Torrent\uTorrent.exe"
O4 - HKCU\..\Run: [KiesHelper] C:\hry\Kies\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\hry\Kies\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\hry\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [bRemoteControl] C:\hry\remote\RemoteDesktopServer\RemoteDesktopServer.exe
O4 - HKCU\..\Run: [SpyEmergency] C:\hry\antispeawer\Spy Emergency\SpyEmergency.exe
O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\Filip\Desktop\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Filip\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Filip\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [HKCU] C:\Program Files\winupdate\svchost.exe
O4 - HKCU\..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Program Files\winupdate\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Program Files\winupdate\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\hry\ICQ\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\hry\ICQ\ICQ7.5\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\hry\CoD 2\program\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SearchAnonymizer - Unknown owner - C:\Documents and Settings\Filip\Application Data\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\hry\antispeawer\Spy Emergency\SpyEmergencySrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

--
End of file - 13850 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003Core.job
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003UA.job
C:\WINDOWS\tasks\iMeshNAG.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Filip\Application Data\Mozilla\Firefox\Profiles\5qwh5kmx.default

prefs.js - "browser.startup.homepage" - "http://www.facebook.com/"
prefs.js - "extensions.enabledItems" - "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, DTToolbar@toolbarnet.com:1.1.2.0185, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, jqs@sun.com:1.0, battlefieldheroespatcher@ea.com:5.0.31.0, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17, {5b175400-2368-11de-8c30-0800200c9a66}:1.9, zigboom@ymail.com:1.2.3"

"jqs@sun.com"=C:\hry\CoD 2\program\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@idsoftware.com/QuakeLive]
"Description"=
"Path"=C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\hry\CoD 2\program\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
npijjiFFPlugin1.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npijjiFFPlugin1.dll
NPOFF12.DLL
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Filip\Application Data\Mozilla\Firefox\Profiles\5qwh5kmx.default\extensions\
battlefieldheroespatcher@ea.com
battlefieldplay4free@ea.com
DTToolbar@toolbarnet.com
{5b175400-2368-11de-8c30-0800200c9a66}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Documents and Settings\Filip\Application Data\Mozilla\Firefox\Profiles\5qwh5kmx.default\searchplugins\
daemon-search.xml
{283F7610-B849-4FED-A912-9E9A05E57DDB}.xml
{45D1E178-5831-4260-8241-20D7E6EF9031}.xml
{6E71FFD3-74E1-4E1B-BD1C-9EF0F7CE328F}.xml
{D076F8B2-5BB4-452F-B0AE-47ED086214FC}.xml
{D552ECB7-DE7A-42D4-9369-07F066CA62E1}.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\hry\CoD 2\program\bin\jp2ssv.dll [2010-09-30 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\hry\CoD 2\program\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-30 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2004-12-08 550912]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2010-05-04 33741424]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"WinampAgent"=C:\hry\Winamp\winampa.exe [2010-05-19 37888]
"ASUS_Utility"=C:\Program Files\ASUS\WLAN Card Utilities\RaUI.exe [2009-05-13 2228224]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Ocs_SM"=C:\Documents and Settings\Filip\Application Data\OCS\SM\SearchAnonymizer.exe [2011-02-10 106496]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-19 98304]
"HKLM"=C:\Program Files\winupdate\svchost.exe [2012-02-08 764732]
"CTAPR2"=C:\hry\Soundblaster\Sound Blaster Tactic(3D) Control Panel\CTAPR2.exe [2009-11-11 65642]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\Program Files\winupdate\svchost.exe [2012-02-08 764732]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"uTorrent"=C:\hry\Torrent\uTorrent.exe [2011-05-15 399736]
"KiesHelper"=C:\hry\Kies\Kies\KiesHelper.exe [2011-04-28 934800]
"KiesTrayAgent"=C:\hry\Kies\Kies\KiesTrayAgent.exe [2011-04-28 3373968]
"KiesPDLR"=C:\hry\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-04-28 19856]
"bRemoteControl"=C:\hry\remote\RemoteDesktopServer\RemoteDesktopServer.exe []
"SpyEmergency"=C:\hry\antispeawer\Spy Emergency\SpyEmergency.exe [2011-05-10 2396504]
"Skype"=C:\Documents and Settings\Filip\Desktop\Skype.exe [2010-09-02 13351304]
"Google Update"=C:\Documents and Settings\Filip\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 136176]
"Facebook Update"=C:\Documents and Settings\Filip\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-19 137536]
"HKCU"=C:\Program Files\winupdate\svchost.exe [2012-02-08 764732]
"KPeerNexonEU"=C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [2011-12-23 438272]
"PlayNC Launcher"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\Program Files\winupdate\svchost.exe [2012-02-08 764732]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-04-20 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 190464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\hry\Torrent\uTorrent.exe"="C:\hry\Torrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\hry\CoD 2\iw3mp.exe"="C:\hry\CoD 2\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\hry\Garena\Garena.exe"="C:\hry\Garena\Garena.exe:*:Enabled:Garena"
"C:\Documents and Settings\Filip\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Documents and Settings\Filip\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\hry\Metro 2033\steam\Steam.exe"="C:\hry\Metro 2033\steam\Steam.exe:*:Enabled:Steam"
"C:\hry\Battlefiel 2\BFBC2Updater.exe"="C:\hry\Battlefiel 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\hry\Mafia 2\Steam.exe"="C:\hry\Mafia 2\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\hry\Dirt 2\dirt2_game.exe"="C:\hry\Dirt 2\dirt2_game.exe:*:Enabled:DiRT2"
"C:\hry\WOW GB\World of Warcraft\Launcher.exe"="C:\hry\WOW GB\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\hry\WOW GB\World of Warcraft\Launcher.patch.exe"="C:\hry\WOW GB\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Documents and Settings\Filip\Desktop\VideoConverterSetup.exe"="C:\Documents and Settings\Filip\Desktop\VideoConverterSetup.exe:*:Enabled:InstallCore™"
"C:\hry\CS\hl.exe"="C:\hry\CS\hl.exe:*:Enabled:Half-Life Launcher"
"C:\hry\remote\RemoteDesktopServer\RemoteDesktopServer.exe"="C:\hry\remote\RemoteDesktopServer\RemoteDesktopServer.exe:*:Disabled:RemoteDesktopServer"
"C:\hry\Need for speed-Hot pursuit\Launcher.exe"="C:\hry\Need for speed-Hot pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"C:\hry\Portal 2\Portal 2\portal2.exe"="C:\hry\Portal 2\Portal 2\portal2.exe:*:Disabled:portal2"
"C:\hry\ICQ\ICQ7.5\ICQ.exe"="C:\hry\ICQ\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\hry\Battlefield 4free\BFP4f.exe"="C:\hry\Battlefield 4free\BFP4f.exe:*:Enabled:BFP4f"
"C:\hry\WOW GB\World of Warcraft\BackgroundDownloader.exe"="C:\hry\WOW GB\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\hry\Steam\Steam.exe"="C:\hry\Steam\Steam.exe:*:Enabled:Steam"
"C:\hry\Dead island\Dead Island\deadislandgame.exe"="C:\hry\Dead island\Dead Island\deadislandgame.exe:*:Enabled:DeadIsland"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\hry\Vindictus\Vindictus EU\en-EU\NMService.exe"="C:\hry\Vindictus\Vindictus EU\en-EU\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Documents and Settings\Filip\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe"="C:\Documents and Settings\Filip\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"C:\Documents and Settings\Filip\Desktop\Skype.exe"="C:\Documents and Settings\Filip\Desktop\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\hry\ICQ\ICQ7.5\ICQ.exe"="C:\hry\ICQ\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.mjpg"=bdmjpeg.dll
"vidc.mpeg"=bdmpegv.dll
"msacm.bdmpeg"=bdmpega.acm

======File associations======

.js - edit -
.js - open -
.txt - open - "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"

======List of files/folders created in the last 1 month======

2012-02-08 17:55:28 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2012-02-06 17:25:05 ----D---- C:\Documents and Settings\Filip\Application Data\Google
2012-02-06 17:24:10 ----D---- C:\Program Files\Google
2012-01-22 21:39:08 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2012-01-19 15:42:40 ----D---- C:\Program Files\NCsoft

======List of files/folders modified in the last 1 month======

2012-02-09 00:24:06 ----D---- C:\Program Files\trend micro
2012-02-09 00:22:08 ----D---- C:\Documents and Settings\Filip\Application Data\uTorrent
2012-02-09 00:14:31 ----D---- C:\Documents and Settings\Filip\Application Data\Skype
2012-02-09 00:13:27 ----D---- C:\Documents and Settings\All Users\Application Data\PMB Files
2012-02-08 23:34:03 ----D---- C:\WINDOWS\Temp
2012-02-08 21:31:59 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-08 21:31:56 ----HD---- C:\WINDOWS\inf
2012-02-08 20:07:35 ----RSHD---- C:\Program Files\winupdate
2012-02-08 19:30:54 ----SHD---- C:\WINDOWS\Installer
2012-02-08 18:15:55 ----D---- C:\Program Files\Mozilla Firefox
2012-02-08 18:15:13 ----D---- C:\WINDOWS\system32\ias
2012-02-08 18:15:05 ----A---- C:\WINDOWS\ModemLog_Communications cable between two computers.txt
2012-02-08 18:15:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-08 18:02:25 ----D---- C:\WINDOWS\Prefetch
2012-02-08 18:02:11 ----D---- C:\WINDOWS
2012-02-08 18:01:13 ----D---- C:\WINDOWS\system32
2012-02-08 18:01:13 ----D---- C:\Program Files\ESET
2012-02-08 17:56:00 ----D---- C:\WINDOWS\system32\drivers
2012-02-08 16:58:28 ----D---- C:\WINDOWS\Minidump
2012-02-08 16:58:28 ----D---- C:\WINDOWS\Debug
2012-02-08 16:30:03 ----RSD---- C:\WINDOWS\Fonts
2012-02-08 00:30:25 ----A---- C:\WINDOWS\NeroDigital.ini
2012-02-06 17:24:14 ----SD---- C:\WINDOWS\Tasks
2012-02-06 17:24:10 ----RD---- C:\Program Files
2012-01-29 21:53:39 ----D---- C:\Documents and Settings\Filip\Application Data\BSplayer
2012-01-26 19:24:16 ----D---- C:\Program Files\Microsoft Silverlight
2012-01-22 21:56:15 ----D---- C:\Program Files\REACTOR
2012-01-22 21:54:02 ----D---- C:\hry
2012-01-21 20:14:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-01-19 15:41:42 ----HD---- C:\Program Files\InstallShield Installation Information
2012-01-16 17:54:59 ----D---- C:\WINDOWS\system32\config

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-19 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SpyEmrg;Spy Emergency Driver; C:\WINDOWS\System32\Drivers\spyemrg.sys [2011-04-21 14168]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2011-02-27 279712]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2011-02-27 25888]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-04-20 6537728]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-10-23 17480]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-09-08 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-05-25 142336]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver; C:\WINDOWS\System32\Drivers\spyemrg_guard.sys [2011-04-21 16216]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2010-04-24 2134256]
R3 XENFilt;XENFilt; C:\WINDOWS\system32\drivers\XENFilt.sys [2010-07-24 2016640]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 a8d7axo9;a8d7axo9; C:\WINDOWS\system32\drivers\a8d7axo9.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Filip\LOCALS~1\Temp\RDY876.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\hry\Garena\safedrv.sys []
S3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056]
S3 RT61;AsusTek RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2008-11-24 495104]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver; C:\WINDOWS\System32\Drivers\spyemrg_access.sys [2011-04-21 20056]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM); C:\WINDOWS\system32\DRIVERS\sscebus.sys [2010-12-21 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter; C:\WINDOWS\system32\DRIVERS\sscemdfl.sys [2010-12-21 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers; C:\WINDOWS\system32\DRIVERS\sscemdm.sys [2010-12-21 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM); C:\WINDOWS\system32\DRIVERS\ssceserd.sys [2010-12-21 100352]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-04-20 643072]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2010-05-20 286720]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 JavaQuickStarterService;Java Quick Starter; C:\hry\CoD 2\program\bin\jqs.exe [2010-09-30 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-10-25 75136]
R2 SearchAnonymizer;SearchAnonymizer; C:\Documents and Settings\Filip\Application Data\OCS\SM\SearchAnonymizerHelper.exe [2011-02-10 40960]
R2 SpyEmrgSrv;Spy Emergency Engine Service; C:\hry\antispeawer\Spy Emergency\SpyEmergencySrv.exe [2011-04-21 2232664]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-06 136176]
S2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-06 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-08-07 3804120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[cernohous13]

Zdravím,

to je na těžší zbraně

Stáhni si : ComboFix
a ulož ho na plochu.
návod na použití: http://www.bleepingcomputer.com/combofi ... t-combofix
Ukonči všechna aktivní okna,vypni Antispy a Antivir a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Odmítni stažení Konzole...
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna a nic nespouštěj
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Kdyby ti po použití ComboFixu systém nenaběhl - při restartu F8 a poslední známá funkční konfigurace

[limit]

ComboFix 12-02-09.04 - Filip 09.02.2012 18:04:52.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3327.2330 [GMT 1:00]
Running from: c:\documents and settings\Filip\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Filip\LOCALS~1\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
c:\documents and settings\Filip\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Filip\Local Settings\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
C:\install.exe
c:\program files\winupdate
c:\program files\winupdate\svchost.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\tmp1CB5.tmp
c:\windows\system32\tmp1CB8.tmp
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-08 18:02 . 2012-02-08 18:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-02-08 16:55 . 2012-02-08 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-02-06 16:24 . 2012-02-08 18:30 -------- d-----w- c:\program files\Google
2012-01-22 20:57 . 2012-01-22 20:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-22 20:39 . 2012-01-22 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-01-19 14:42 . 2012-02-08 14:27 -------- d-----w- c:\program files\NCsoft
2012-01-14 19:38 . 2012-01-14 19:38 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-01-14 19:38 . 2012-01-14 19:38 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-01-14 19:38 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-01-14 19:38 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-01-14 19:38 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-01-14 19:38 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-01-14 19:38 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 20:33 . 2011-12-23 20:33 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
2011-12-23 20:33 . 2011-12-23 20:33 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2011-11-28 21:11 . 2010-05-21 21:47 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-28 21:11 . 2010-05-23 19:02 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-11-28 21:11 . 2010-05-21 21:47 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-26 12:13 . 2010-12-01 23:11 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-15 18:13 . 2010-05-21 21:47 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-01-22 20:39 . 2011-10-25 22:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"uTorrent"="c:\hry\Torrent\uTorrent.exe" [2011-05-15 399736]
"KiesHelper"="c:\hry\Kies\Kies\KiesHelper.exe" [2011-04-28 934800]
"KiesTrayAgent"="c:\hry\Kies\Kies\KiesTrayAgent.exe" [2011-04-28 3373968]
"KiesPDLR"="c:\hry\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-04-28 19856]
"SpyEmergency"="c:\hry\antispeawer\Spy Emergency\SpyEmergency.exe" [2011-05-10 2396504]
"Skype"="c:\documents and settings\Filip\Desktop\Skype.exe" [2010-09-02 13351304]
"Facebook Update"="c:\documents and settings\Filip\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-10-19 137536]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2011-12-23 438272]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-05-04 33741424]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinampAgent"="c:\hry\Winamp\winampa.exe" [2010-05-19 37888]
"ASUS_Utility"="c:\program files\ASUS\WLAN Card Utilities\RaUI.exe" [2009-05-13 2228224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Ocs_SM"="c:\documents and settings\Filip\Application Data\OCS\SM\SearchAnonymizer.exe" [2011-02-10 106496]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
"CTAPR2"="c:\hry\Soundblaster\Sound Blaster Tactic(3D) Control Panel\CTAPR2.exe" [2009-11-11 65642]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\hry\\Torrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\hry\\CoD 2\\iw3mp.exe"=
"c:\\hry\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\Filip\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\hry\\Dirt 2\\dirt2_game.exe"=
"c:\\hry\\WOW GB\\World of Warcraft\\Launcher.exe"=
"c:\\hry\\CS\\hl.exe"=
"c:\\hry\\Need for speed-Hot pursuit\\Launcher.exe"=
"c:\\hry\\Portal 2\\Portal 2\\portal2.exe"=
"c:\\hry\\ICQ\\ICQ7.5\\ICQ.exe"=
"c:\\hry\\Battlefield 4free\\BFP4f.exe"=
"c:\\hry\\WOW GB\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\hry\\Steam\\Steam.exe"=
"c:\\hry\\Dead island\\Dead Island\\deadislandgame.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\hry\\Vindictus\\Vindictus EU\\en-EU\\NMService.exe"=
"c:\\Documents and Settings\\Filip\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Documents and Settings\\Filip\\Desktop\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59120:TCP"= 59120:TCP:Pando Media Booster
"59120:UDP"= 59120:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.5.2010 16:49 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [28.5.2011 18:03 14168]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 SearchAnonymizer;SearchAnonymizer;c:\documents and settings\Filip\Application Data\OCS\SM\SearchAnonymizerHelper.exe [10.2.2011 16:03 40960]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\hry\antispeawer\Spy Emergency\SpyEmergencySrv.exe [28.5.2011 18:03 2232664]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [28.5.2011 18:03 16216]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [19.5.2010 17:16 2134256]
R3 XENFilt;XENFilt;c:\windows\system32\drivers\XENFilt.sys [22.11.2011 14:56 2016640]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.2.2012 17:24 136176]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Filip\LOCALS~1\Temp\RDY876.tmp --> c:\docume~1\Filip\LOCALS~1\Temp\RDY876.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\hry\Garena\safedrv.sys --> c:\hry\Garena\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6.2.2012 17:24 136176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [28.5.2011 18:03 20056]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [3.2.2011 17:40 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [3.2.2011 17:40 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [3.2.2011 17:40 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [3.2.2011 17:40 100352]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003Core.job
- c:\documents and settings\Filip\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-19 18:19]
.
2012-02-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003UA.job
- c:\documents and settings\Filip\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-19 18:19]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-06 16:24]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-06 16:24]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003Core.job
- c:\documents and settings\Filip\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 15:03]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003UA.job
- c:\documents and settings\Filip\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 15:03]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\hry\ICQ\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1 195.12.128.1 195.72.0.3
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\Filip\Application Data\Mozilla\Firefox\Profiles\5qwh5kmx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
.
.
------- File Associations -------
.
.txt=txt_auto_file
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-bRemoteControl - c:\hry\remote\RemoteDesktopServer\RemoteDesktopServer.exe
AddRemove-Eurobattle.net1.26 - c:\hry\Warcraft III\uninstall.exe
AddRemove-01_Simmental - c:\hry\Kies\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\hry\Kies\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\hry\Kies\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\hry\Kies\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\hry\Kies\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\hry\Kies\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\hry\Kies\Kies\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\hry\Kies\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\hry\Kies\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\hry\Kies\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-09 18:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
ASUS_Utility = c:\program files\ASUS\WLAN Card Utilities\RaUI.exe??O?K?????????l??????????????r?????????iL??????fL???Uo5???????0???5??????r????????????4?A~????5??????r????w?C~????????????w?C~<?????A~????<???Z?A~????*?A~5???w?C~?GL?T [?????\???????ucT??????fL???L?5??????rXhV
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Filip\LOCALS~1\Temp\RDY876.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3716)
c:\hry\antispeawer\Spy Emergency\webspam.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\mHotkey.exe
c:\hry\CoD 2\program\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2012-02-09 18:15:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-09 17:14
.
Pre-Run: 25 191 960 576 bytes free
Post-Run: 31 069 380 608 bytes free
.
- - End Of File - - 4E8389317D1197D30A0FE373B841BCDF

[cernohous13]

Pokud nemáš ComboFix na ploše, přesuň jej tam.
Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFscriptu".
Soubor ulož na plochu jako CFscript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.

CFscript

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"Facebook Update"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=-
"WinampAgent"=-
"SunJavaUpdateSched"=-

Driver::
gupdate
gupdatem

File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003UA.job
C:\WINDOWS\tasks\iMeshNAG.job

[limit]

ComboFix 12-02-09.04 - Filip 10.02.2012 0:23.2.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3327.2449 [GMT 1:00]
Running from: c:\documents and settings\Filip\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Filip\Desktop\CFscript.txt
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003UA.job"
"c:\windows\tasks\iMeshNAG.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-963894560-1801674531-1003UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-09 17:25 . 2012-02-09 17:25 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-09 17:25 . 2012-02-09 17:25 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-09 17:25 . 2012-02-09 17:25 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-09 17:25 . 2012-02-09 17:25 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-08 18:02 . 2012-02-08 18:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-02-08 16:55 . 2012-02-08 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-02-06 16:24 . 2012-02-08 18:30 -------- d-----w- c:\program files\Google
2012-01-22 20:57 . 2012-01-22 20:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-22 20:39 . 2012-01-22 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-01-19 14:42 . 2012-02-08 14:27 -------- d-----w- c:\program files\NCsoft
2012-01-14 19:38 . 2012-01-14 19:38 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-01-14 19:38 . 2012-01-14 19:38 184452 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-01-14 19:38 . 2003-09-03 01:28 724992 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-01-14 19:38 . 2003-09-03 01:27 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-01-14 19:38 . 2003-09-03 01:26 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-01-14 19:38 . 2003-09-03 01:26 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-01-14 19:38 . 2003-09-03 01:25 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 20:33 . 2011-12-23 20:33 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
2011-12-23 20:33 . 2011-12-23 20:33 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2011-11-28 21:11 . 2010-05-21 21:47 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-28 21:11 . 2010-05-23 19:02 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-11-28 21:11 . 2010-05-21 21:47 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-26 12:13 . 2010-12-01 23:11 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-15 18:13 . 2010-05-21 21:47 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-09 17:25 . 2011-10-25 22:38 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-09_17.11.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-09 23:30 . 2012-02-09 23:30 16384 c:\windows\temp\Perflib_Perfdata_4f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\hry\Torrent\uTorrent.exe" [2011-05-15 399736]
"KiesHelper"="c:\hry\Kies\Kies\KiesHelper.exe" [2011-04-28 934800]
"KiesTrayAgent"="c:\hry\Kies\Kies\KiesTrayAgent.exe" [2011-04-28 3373968]
"KiesPDLR"="c:\hry\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-04-28 19856]
"SpyEmergency"="c:\hry\antispeawer\Spy Emergency\SpyEmergency.exe" [2011-05-10 2396504]
"Skype"="c:\documents and settings\Filip\Desktop\Skype.exe" [2010-09-02 13351304]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2011-12-23 438272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-05-04 33741424]
"ASUS_Utility"="c:\program files\ASUS\WLAN Card Utilities\RaUI.exe" [2009-05-13 2228224]
"Ocs_SM"="c:\documents and settings\Filip\Application Data\OCS\SM\SearchAnonymizer.exe" [2011-02-10 106496]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
"CTAPR2"="c:\hry\Soundblaster\Sound Blaster Tactic(3D) Control Panel\CTAPR2.exe" [2009-11-11 65642]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\hry\\Torrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\hry\\CoD 2\\iw3mp.exe"=
"c:\\hry\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\Filip\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\hry\\Dirt 2\\dirt2_game.exe"=
"c:\\hry\\WOW GB\\World of Warcraft\\Launcher.exe"=
"c:\\hry\\CS\\hl.exe"=
"c:\\hry\\Need for speed-Hot pursuit\\Launcher.exe"=
"c:\\hry\\Portal 2\\Portal 2\\portal2.exe"=
"c:\\hry\\ICQ\\ICQ7.5\\ICQ.exe"=
"c:\\hry\\Battlefield 4free\\BFP4f.exe"=
"c:\\hry\\WOW GB\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\hry\\Steam\\Steam.exe"=
"c:\\hry\\Dead island\\Dead Island\\deadislandgame.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\hry\\Vindictus\\Vindictus EU\\en-EU\\NMService.exe"=
"c:\\Documents and Settings\\Filip\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Documents and Settings\\Filip\\Desktop\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59120:TCP"= 59120:TCP:Pando Media Booster
"59120:UDP"= 59120:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.5.2010 16:49 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [28.5.2011 18:03 14168]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 SearchAnonymizer;SearchAnonymizer;c:\documents and settings\Filip\Application Data\OCS\SM\SearchAnonymizerHelper.exe [10.2.2011 16:03 40960]
R2 SpyEmrgSrv;Spy Emergency Engine Service;c:\hry\antispeawer\Spy Emergency\SpyEmergencySrv.exe [28.5.2011 18:03 2232664]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [28.5.2011 18:03 16216]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [19.5.2010 17:16 2134256]
R3 XENFilt;XENFilt;c:\windows\system32\drivers\XENFilt.sys [22.11.2011 14:56 2016640]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Filip\LOCALS~1\Temp\RDY876.tmp --> c:\docume~1\Filip\LOCALS~1\Temp\RDY876.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\hry\Garena\safedrv.sys --> c:\hry\Garena\safedrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [28.5.2011 18:03 20056]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [3.2.2011 17:40 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [3.2.2011 17:40 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [3.2.2011 17:40 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [3.2.2011 17:40 100352]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\hry\ICQ\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1 195.12.128.1 195.72.0.3
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\Filip\Application Data\Mozilla\Firefox\Profiles\5qwh5kmx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-10 00:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
ASUS_Utility = c:\program files\ASUS\WLAN Card Utilities\RaUI.exe??O?K?????????l??????????????r?????????iL??????fL???Uo5???????0???5??????r????????????4?A~????5??????r????w?C~????????????w?C~<?????A~????<???Z?A~????*?A~5???w?C~?GL?T [?????\???????ucT??????fL???L?5??????rXhV
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Filip\LOCALS~1\Temp\RDY876.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1232)
c:\hry\antispeawer\Spy Emergency\webspam.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\mHotkey.exe
c:\hry\CoD 2\program\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2012-02-10 00:33:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-09 23:33
ComboFix2.txt 2012-02-09 17:15
.
Pre-Run: 31 400 894 464 bytes free
Post-Run: 14 adresárov, 31 307 128 832 voľných bajtov
.
- - End Of File - - 242DAA6F9B6437AF01F84130CFB094AE

[cernohous13]

ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

Stáhni a spusť T-cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe - uklidí po použitých čističích.
Po spuštění ignoruj případné varování antiviru - je to v pořádku
Po provedení akce T-cleaner smažeš

Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)

Dej mi aktuální RSIT a napiš jaké jsou ještě problémy

[limit]

no je to ovela lepsie ako to bolo na zaciatku dakujem za pomoc uvidime co to spravi po case

Logfile of random's system information tool 1.09 (written by random/random)
Run by Filip at 2012-02-11 00:05:27
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 30 GB (6%) free of 477 GB
Total RAM: 3327 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:05:34, on 11.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ASUS\WLAN Card Utilities\RaUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\hry\Torrent\uTorrent.exe
C:\hry\Kies\Kies\KiesTrayAgent.exe
C:\hry\CoD 2\program\bin\jqs.exe
C:\hry\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\hry\antispeawer\Spy Emergency\SpyEmergency.exe
C:\Documents and Settings\Filip\Desktop\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
C:\Documents and Settings\Filip\Application Data\OCS\SM\SearchAnonymizerHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\hry\League of legends\League of Legends\RADS\system\rads_user_kernel.exe
C:\hry\League of legends\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
C:\hry\League of legends\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.126\deploy\LolClient.exe
C:\Documents and Settings\Filip\Desktop\RSIT.exe
C:\Program Files\trend micro\Filip.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\hry\CoD 2\program\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\hry\CoD 2\program\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [ASUS_Utility] C:\Program Files\ASUS\WLAN Card Utilities\RaUI.exe
O4 - HKLM\..\Run: [Ocs_SM] C:\Documents and Settings\Filip\Application Data\OCS\SM\SearchAnonymizer.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTAPR2] "C:\hry\Soundblaster\Sound Blaster Tactic(3D) Control Panel\CTAPR2.exe" /r
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [uTorrent] "C:\hry\Torrent\uTorrent.exe"
O4 - HKCU\..\Run: [KiesHelper] C:\hry\Kies\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\hry\Kies\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\hry\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [SpyEmergency] C:\hry\antispeawer\Spy Emergency\SpyEmergency.exe
O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\Filip\Desktop\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\hry\ICQ\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\hry\ICQ\ICQ7.5\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\hry\CoD 2\program\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SearchAnonymizer - Unknown owner - C:\Documents and Settings\Filip\Application Data\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\hry\antispeawer\Spy Emergency\SpyEmergencySrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

--
End of file - 8680 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Filip\Application Data\Mozilla\Firefox\Profiles\5qwh5kmx.default

prefs.js - "browser.startup.homepage" - "http://www.facebook.com/"
prefs.js - "extensions.enabledItems" - "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198, DTToolbar@toolbarnet.com:1.1.2.0185, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, jqs@sun.com:1.0, battlefieldheroespatcher@ea.com:5.0.31.0, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17, {5b175400-2368-11de-8c30-0800200c9a66}:1.9, zigboom@ymail.com:1.2.3"

"jqs@sun.com"=C:\hry\CoD 2\program\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@idsoftware.com/QuakeLive]
"Description"=
"Path"=C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\hry\CoD 2\program\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
npijjiFFPlugin1.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npijjiFFPlugin1.dll
NPOFF12.DLL
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Filip\Application Data\Mozilla\Firefox\Profiles\5qwh5kmx.default\extensions\
battlefieldheroespatcher@ea.com
battlefieldplay4free@ea.com
DTToolbar@toolbarnet.com
{5b175400-2368-11de-8c30-0800200c9a66}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Documents and Settings\Filip\Application Data\Mozilla\Firefox\Profiles\5qwh5kmx.default\searchplugins\
daemon-search.xml
{283F7610-B849-4FED-A912-9E9A05E57DDB}.xml
{45D1E178-5831-4260-8241-20D7E6EF9031}.xml
{6E71FFD3-74E1-4E1B-BD1C-9EF0F7CE328F}.xml
{D076F8B2-5BB4-452F-B0AE-47ED086214FC}.xml
{D552ECB7-DE7A-42D4-9369-07F066CA62E1}.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\hry\CoD 2\program\bin\jp2ssv.dll [2010-09-30 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\hry\CoD 2\program\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-30 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2004-12-08 550912]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2010-05-04 33741424]
"ASUS_Utility"=C:\Program Files\ASUS\WLAN Card Utilities\RaUI.exe [2009-05-13 2228224]
"Ocs_SM"=C:\Documents and Settings\Filip\Application Data\OCS\SM\SearchAnonymizer.exe [2011-02-10 106496]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-19 98304]
"CTAPR2"=C:\hry\Soundblaster\Sound Blaster Tactic(3D) Control Panel\CTAPR2.exe [2009-11-11 65642]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\hry\Torrent\uTorrent.exe [2011-05-15 399736]
"KiesHelper"=C:\hry\Kies\Kies\KiesHelper.exe [2011-04-28 934800]
"KiesTrayAgent"=C:\hry\Kies\Kies\KiesTrayAgent.exe [2011-04-28 3373968]
"KiesPDLR"=C:\hry\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-04-28 19856]
"SpyEmergency"=C:\hry\antispeawer\Spy Emergency\SpyEmergency.exe [2011-05-10 2396504]
"Skype"=C:\Documents and Settings\Filip\Desktop\Skype.exe [2010-09-02 13351304]
"KPeerNexonEU"=C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [2011-12-23 438272]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-04-20 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 190464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\hry\Torrent\uTorrent.exe"="C:\hry\Torrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\hry\CoD 2\iw3mp.exe"="C:\hry\CoD 2\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\hry\Garena\Garena.exe"="C:\hry\Garena\Garena.exe:*:Enabled:Garena"
"C:\Documents and Settings\Filip\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Documents and Settings\Filip\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\hry\Dirt 2\dirt2_game.exe"="C:\hry\Dirt 2\dirt2_game.exe:*:Enabled:DiRT2"
"C:\hry\WOW GB\World of Warcraft\Launcher.exe"="C:\hry\WOW GB\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\hry\CS\hl.exe"="C:\hry\CS\hl.exe:*:Enabled:Half-Life Launcher"
"C:\hry\Need for speed-Hot pursuit\Launcher.exe"="C:\hry\Need for speed-Hot pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"C:\hry\Portal 2\Portal 2\portal2.exe"="C:\hry\Portal 2\Portal 2\portal2.exe:*:Disabled:portal2"
"C:\hry\ICQ\ICQ7.5\ICQ.exe"="C:\hry\ICQ\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\hry\Battlefield 4free\BFP4f.exe"="C:\hry\Battlefield 4free\BFP4f.exe:*:Enabled:BFP4f"
"C:\hry\WOW GB\World of Warcraft\BackgroundDownloader.exe"="C:\hry\WOW GB\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\hry\Steam\Steam.exe"="C:\hry\Steam\Steam.exe:*:Enabled:Steam"
"C:\hry\Dead island\Dead Island\deadislandgame.exe"="C:\hry\Dead island\Dead Island\deadislandgame.exe:*:Enabled:DeadIsland"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\hry\Vindictus\Vindictus EU\en-EU\NMService.exe"="C:\hry\Vindictus\Vindictus EU\en-EU\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Documents and Settings\Filip\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe"="C:\Documents and Settings\Filip\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"C:\Documents and Settings\Filip\Desktop\Skype.exe"="C:\Documents and Settings\Filip\Desktop\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\hry\ICQ\ICQ7.5\ICQ.exe"="C:\hry\ICQ\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.mjpg"=bdmjpeg.dll
"vidc.mpeg"=bdmpegv.dll
"msacm.bdmpeg"=bdmpega.acm

======File associations======

.txt - open - "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"

======List of files/folders created in the last 1 month======

2012-02-11 00:05:27 ----D---- C:\rsit
2012-02-10 20:42:37 ----SHD---- C:\RECYCLER
2012-02-10 00:28:44 ----D---- C:\WINDOWS\temp
2012-02-08 17:55:28 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2012-02-06 17:25:05 ----D---- C:\Documents and Settings\Filip\Application Data\Google
2012-02-06 17:24:10 ----D---- C:\Program Files\Google
2012-01-22 21:39:08 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2012-01-19 15:42:40 ----D---- C:\Program Files\NCsoft

======List of files/folders modified in the last 1 month======

2012-02-11 00:05:34 ----D---- C:\Program Files\trend micro
2012-02-11 00:05:05 ----D---- C:\Documents and Settings\Filip\Application Data\uTorrent
2012-02-11 00:03:30 ----D---- C:\Documents and Settings\Filip\Application Data\Skype
2012-02-10 23:38:44 ----D---- C:\WINDOWS\system32\ias
2012-02-10 23:38:43 ----A---- C:\WINDOWS\ModemLog_Communications cable between two computers.txt
2012-02-10 23:36:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-10 23:27:23 ----D---- C:\WINDOWS\Prefetch
2012-02-10 23:27:21 ----D---- C:\WINDOWS
2012-02-10 21:13:40 ----A---- C:\WINDOWS\NeroDigital.ini
2012-02-10 19:53:31 ----D---- C:\WINDOWS\system32\drivers
2012-02-10 00:30:39 ----A---- C:\WINDOWS\system.ini
2012-02-10 00:30:23 ----D---- C:\WINDOWS\system32\drivers\etc
2012-02-10 00:28:55 ----D---- C:\WINDOWS\system32\config
2012-02-10 00:28:35 ----SD---- C:\WINDOWS\Tasks
2012-02-10 00:27:45 ----D---- C:\WINDOWS\system32
2012-02-10 00:27:45 ----D---- C:\WINDOWS\AppPatch
2012-02-10 00:27:42 ----D---- C:\Program Files\Common Files
2012-02-10 00:22:48 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-09 19:57:46 ----D---- C:\WINDOWS\Debug
2012-02-09 18:25:30 ----D---- C:\Program Files\Mozilla Firefox
2012-02-09 18:09:46 ----RD---- C:\Program Files
2012-02-09 17:40:42 ----D---- C:\Program Files\Pando Networks
2012-02-09 02:27:25 ----D---- C:\hry
2012-02-08 21:31:56 ----HD---- C:\WINDOWS\inf
2012-02-08 19:30:54 ----SHD---- C:\WINDOWS\Installer
2012-02-08 18:01:13 ----D---- C:\Program Files\ESET
2012-02-08 16:58:28 ----D---- C:\WINDOWS\Minidump
2012-02-08 16:30:03 ----RSD---- C:\WINDOWS\Fonts
2012-01-29 21:53:39 ----D---- C:\Documents and Settings\Filip\Application Data\BSplayer
2012-01-26 19:24:16 ----D---- C:\Program Files\Microsoft Silverlight
2012-01-22 21:56:15 ----D---- C:\Program Files\REACTOR
2012-01-21 20:14:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-01-19 15:41:42 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-05-19 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SpyEmrg;Spy Emergency Driver; C:\WINDOWS\System32\Drivers\spyemrg.sys [2011-04-21 14168]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2011-02-27 279712]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2011-02-27 25888]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-04-20 6537728]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-10-23 17480]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-09-08 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-05-25 142336]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2010-04-24 2134256]
R3 XENFilt;XENFilt; C:\WINDOWS\system32\drivers\XENFilt.sys [2010-07-24 2016640]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 akj8li76;akj8li76; C:\WINDOWS\system32\drivers\akj8li76.sys []
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Filip\LOCALS~1\Temp\RDY876.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\hry\Garena\safedrv.sys []
S3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056]
S3 RT61;AsusTek RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2008-11-24 495104]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver; C:\WINDOWS\System32\Drivers\spyemrg_access.sys [2011-04-21 20056]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver; C:\WINDOWS\System32\Drivers\spyemrg_guard.sys [2011-04-21 16216]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM); C:\WINDOWS\system32\DRIVERS\sscebus.sys [2010-12-21 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter; C:\WINDOWS\system32\DRIVERS\sscemdfl.sys [2010-12-21 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers; C:\WINDOWS\system32\DRIVERS\sscemdm.sys [2010-12-21 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM); C:\WINDOWS\system32\DRIVERS\ssceserd.sys [2010-12-21 100352]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-04-20 643072]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2010-05-20 286720]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 JavaQuickStarterService;Java Quick Starter; C:\hry\CoD 2\program\bin\jqs.exe [2010-09-30 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-10-25 75136]
R2 SearchAnonymizer;SearchAnonymizer; C:\Documents and Settings\Filip\Application Data\OCS\SM\SearchAnonymizerHelper.exe [2011-02-10 40960]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S2 SpyEmrgSrv;Spy Emergency Engine Service; C:\hry\antispeawer\Spy Emergency\SpyEmergencySrv.exe [2011-04-21 2232664]
S2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-08-07 3804120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[cernohous13]

Zatím se nám daří

pro jistotu ještě

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Kontrolor" -> Rychlá kontrola -> Prohledat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení

ještě se objevuje BSoD? poslal bych ti specialistu

[limit]

Malwarebytes Anti-Malware (Skúšobná verzia) 1.60.1.1000
www.malwarebytes.org

Verzia databázy: v2012.02.11.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Filip :: FILIP-F8399A7CE [administrátor]

Ochrana: Zapnuté

11.2.2012 20:56:51
mbam-log-2012-02-11 (20-56-51).txt

Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 167321
Uplynutý čas: 12 min, 16 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 0
(Škodlivé položky neboli zistené)

(koniec)

[cernohous13]

Ještě se objevují BSoD?

[limit]

zatial mi to este neurobilo tak si myslim ze je to uz ok

[cernohous13]

To jsem rád a kdyby se zas opakovala, tak napiš.

[limit]

jasne ok dik zatial

[cernohous13]

zatial nie za čo

[limit]

prosim ta nevies mi poradit este s tymto:
http://uploading.sk/images/chybarnr.jpg
niekedy mi to zacne robim pouzivam mozzilu ale robi mi to aj v inych prehliadacoch a skusal som uz aj preinstalovat adobe flash