AVG crashes right after the computer starts

#1 Post by Galates »

Hello,

I'm here with a problem with AVG; the damn thing won't start again after it crashes once the computer has booted. The problem only appeared this morning. I'm attaching dss.txt and log.txt, and I thank you in advance for your reply. :worship:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by ADMIN at 12:26:16 on 2012-08-31
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1022.282 [GMT 2:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Clownfish\Clownfish.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SoftwareDistribution\Download\ae4ac74864a34bda5a1d4d2ed27ee4c8\update\update.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.icq.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {055FD26D-3A88-4e15-963D-DC8493744B1D} - No File
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - No File
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [GarenaMessenger] "c:\program files\garena plus\GarenaMessenger.exe" -silentrun
uRun: [Clownfish] "c:\program files\clownfish\Clownfish.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9e.exe
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271965330750
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: Interfaces\{CC6887A6-1EF0-4668-9EAD-FF427347F0FC} : NameServer = 193.85.1.100,193.85.2.100,10.25.8.7,10.25.8.5
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: mdhcp32 - mdhcp32.dll
Notify: WB - c:\program files\stardock\object desktop\thememanager\fastload.dll
Hosts: 188.165.202.62 L2authd.lineage2.com
Hosts: 94.125.180.96 nprotect.lineage2.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\data aplikací\mozilla\firefox\profiles\a0llz3af.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\admin\local settings\data aplikací\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-6-27 1385896]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-14 2348352]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-3-2 69120]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-5-3 27136]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\admin\locals~1\temp\usp9.tmp --> c:\docume~1\admin\locals~1\temp\USP9.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena plus\room\safedrv.sys --> c:\program files\garena plus\room\safedrv.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2010-6-1 16640]
S4 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2011-5-3 737016]
.
=============== Created Last 30 ================
.
2012-08-13 20:26:34 -------- d-----w- c:\documents and settings\admin\local settings\data aplikací\LogMeIn Hamachi
2012-08-13 20:26:06 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-08-11 09:12:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-08-11 09:12:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 23:01:22 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-16 23:01:22 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-05 20:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 20:06:30 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-05 20:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 12:29:55,87 ===============

Logfile of random's system information tool 1.09 (written by random/random)
Run by ADMIN at 2012-08-31 12:28:52
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 22 GB (10%) free of 233 GB
Total RAM: 1022 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:29:19, on 31.8.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Clownfish\Clownfish.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SoftwareDistribution\Download\ae4ac74864a34bda5a1d4d2ed27ee4c8\update\update.exe
C:\Documents and Settings\ADMIN\Dokumenty\Stažené soubory\dds.com
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\ADMIN\LOCALS~1\Temp\nsi1A.tmp\PEV.DAT
C:\Documents and Settings\ADMIN\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\ADMIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 188.165.202.62 L2authd.lineage2.com
O1 - Hosts: 94.125.180.96 nprotect.lineage2.com
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: (no name) - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [GarenaMessenger] "C:\Program Files\Garena Plus\GarenaMessenger.exe" -silentrun
O4 - HKCU\..\Run: [Clownfish] "C:\Program Files\Clownfish\Clownfish.exe"
O4 - HKUS\S-1-5-21-2000478354-1682526488-725345543-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2000478354-1682526488-725345543-1010\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1965330750
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC6887A6-1EF0-4668-9EAD-FF427347F0FC}: NameServer = 193.85.1.100,193.85.2.100,10.25.8.7,10.25.8.5
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mdhcp32 - mdhcp32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8693 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\a0llz3af.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/ig"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\
"{F53C93F1-07D5-430c-86D4-C9531B27DFAF}"=C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.270 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX® Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0]
"Description"=DivX® Content Upload Plugin
"Path"=C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
avg_igeared.xml
crawlersrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\a0llz3af.default\searchplugins\
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2012-06-24 1417336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05 453544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02 4296864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05 157616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-01-24 2416480]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-02-29 15494464]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-03-01 1634112]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-06-27 1996200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]
"GarenaMessenger"=C:\Program Files\Garena Plus\GarenaMessenger.exe [2012-08-14 7723384]
"Clownfish"=C:\Program Files\Clownfish\Clownfish.exe [2012-07-23 1105144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TunngleService"=2
"MDM"=2
"idsvc"=3
"ICQ Service"=2
"eqckbdmwjwtfwvw"=2
"DAUpdaterSvc"=3
"AVG Security Toolbar Service"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mdhcp32]
mdhcp32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll [2001-12-21 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Rockstar Games\GTA2\gta2.exe"="C:\Program Files\Rockstar Games\GTA2\gta2.exe:*:Enabled:GTA2 main executable"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Warcraft III\War3.exe"="C:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\Program Files\World of Warcraft\WoW-2.0.3-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo"
"C:\Program Files\Valve\Steam\SteamApps\titankiller222\condition zero\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\titankiller222\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"C:\Program Files\Valve\Steam\SteamApps\titankiller222\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\titankiller222\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Fox\Aliens vs. Predator 2\lithtech.exe"="C:\Program Files\Fox\Aliens vs. Predator 2\lithtech.exe:*:Enabled:Client"
"C:\Program Files\OpenTTD\openttd.exe"="C:\Program Files\OpenTTD\openttd.exe:*:Enabled:OpenTTD"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Cossacks - Napoleonic Wars\Data\engine.exe"="C:\Program Files\Cossacks - Napoleonic Wars\Data\engine.exe:*:Enabled:Cossacks 2: Napoleonic Wars"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Microsoft Games\Age of Empires II\empires2.EXE"="C:\Program Files\Microsoft Games\Age of Empires II\empires2.EXE:*:Enabled:Age of Empires II"
"C:\Program Files\Valve\Steam\SteamApps\titankiller222\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\titankiller222\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Valve\Steam\SteamApps\titankiller222\source sdk base\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\titankiller222\source sdk base\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\DsNET Corp\aTube Catcher 1.0\smh.exe"="C:\Program Files\DsNET Corp\aTube Catcher 1.0\smh.exe:*:Enabled:Smart Media Hunter 0.7"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\War2Combat\Warcraft II BNE.exe"="C:\Program Files\War2Combat\Warcraft II BNE.exe:*:Enabled:Warcraft II Battle.net Edition"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Documents and Settings\ADMIN\Plocha\Šuplík\Halo 2\halo2.exe"="C:\Documents and Settings\ADMIN\Plocha\Šuplík\Halo 2\halo2.exe:*:Enabled:Halo 2 for Windows Vista"
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Microsoft Games\Age of Mythology\aom.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology"
"C:\Program Files\GMOD10\hl2.exe"="C:\Program Files\GMOD10\hl2.exe:*:Enabled:hl2"
"C:\Program Files\GOG.com\Freespace\FS.exe"="C:\Program Files\GOG.com\Freespace\FS.exe:*:Enabled:FreeSpace"
"C:\Program Files\Activision\Rome - Total War\RomeTW.exe"="C:\Program Files\Activision\Rome - Total War\RomeTW.exe:*:Enabled:Rome: Total War"
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\rc\RAL.EXE"="C:\rc\RAL.EXE:*:Enabled:RAL"
"C:\Program Files\Reality Pump\The Moon Project\TheMoonProject.exe"="C:\Program Files\Reality Pump\The Moon Project\TheMoonProject.exe:*:Enabled:The Moon Project"
"K:\Quake3Arena\Quake III Arena\quake3.exe"="K:\Quake3Arena\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Valve\Steam\SteamApps\titankiller222\zombie panic! source\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\titankiller222\zombie panic! source\hl2.exe:*:Enabled:Zombie Panic Source"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\GOG.com\Knights and Merchants TPR\KM_TPR.exe"="C:\Program Files\GOG.com\Knights and Merchants TPR\KM_TPR.exe:*:Enabled:KM_TPR"
"C:\Documents and Settings\ADMIN\Plocha\Šuplík\aoe 2\age2_x1.exe"="C:\Documents and Settings\ADMIN\Plocha\Šuplík\aoe 2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Valve\Steam\SteamApps\common\alien swarm\swarm.exe"="C:\Program Files\Valve\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm"
"C:\Program Files\Valve\Steam\SteamApps\common\alien swarm\srcds.exe"="C:\Program Files\Valve\Steam\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\THQ\Relic Entertainment\Company of Heroes Online\Game\RelicCoHOWW.exe"="C:\Program Files\THQ\Relic Entertainment\Company of Heroes Online\Game\RelicCoHOWW.exe:*:Enabled:Company of Heroes Online (THQ)"
"C:\Documents and Settings\ADMIN\Local Settings\Apps\2.0\YPO3Y721.AJB\YH3PME35.KBC\coho..tion_4fdd38d166a17713_0001.0001_2ea3ae6aea32b9ef\CoHOLauncher.exe"="C:\Documents and Settings\ADMIN\Local Settings\Apps\2.0\YPO3Y721.AJB\YH3PME35.KBC\coho..tion_4fdd38d166a17713_0001.0001_2ea3ae6aea32b9ef\CoHOLauncher.exe:*:Enabled:Company of Heroes Online (THQ)"
"C:\Documents and Settings\All Users\Dokumenty\IL-2 Sturmovik Forgotten Battles\il2fb.exe"="C:\Documents and Settings\All Users\Dokumenty\IL-2 Sturmovik Forgotten Battles\il2fb.exe:*:Enabled:il2fb"
"C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe"="C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe:*:Enabled:CrazyTalk"
"C:\Program Files\Valve\hlds.exe"="C:\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Valvenonsteam\Valve\hl.exe"="C:\Program Files\Valvenonsteam\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Games\World_of_Tanks\WorldOfTanks.exe"="C:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe"="C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe:*:Enabled:aTube Catcher to download and convert videos."
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Documents and Settings\ADMIN\Plocha\Empire Earth\Empire Earth.exe"="C:\Documents and Settings\ADMIN\Plocha\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Program Files\Tunngle\tnglctrl.exe"="C:\Program Files\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service"
"C:\Program Files\Tunngle\tunngle.exe"="C:\Program Files\Tunngle\tunngle.exe:*:Enabled:Tunngle Client"
"C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe"="C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe:*:Enabled:rct"
"C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Team17\Worms World Party\wwp.exe"="C:\Program Files\Team17\Worms World Party\wwp.exe:*:Enabled:Worms World Party"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Documents and Settings\ADMIN\Local Settings\temp\nso10.tmp\BitComet_stats.exe"="C:\Documents and Settings\ADMIN\Local Settings\temp\nso10.tmp\BitComet_stats.exe:*:Disabled:stats Module"
"C:\Program Files\DAEMON Tools Lite\DTLite.exe"="C:\Program Files\DAEMON Tools Lite\DTLite.exe:*:Enabled:DAEMON Tools Lite"
"C:\Program Files\Microsoft Games\Halo\haloupdate.exe"="C:\Program Files\Microsoft Games\Halo\haloupdate.exe:*:Enabled:Halo Update"
"C:\Program Files\Microsoft Games\Halo\chktrust.exe"="C:\Program Files\Microsoft Games\Halo\chktrust.exe:*:Enabled:Microsoft Trust ChkTrust Utility"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Průzkumník Windows"
"C:\Documents and Settings\ADMIN\Local Settings\temp\_av_sfx.tm~a03796\avast.setup"="C:\Documents and Settings\ADMIN\Local Settings\temp\_av_sfx.tm~a03796\avast.setup:*:Enabled:avast! antivirus Update"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe:*:Enabled:avast! Antivirus"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\Postal2STP\System\Postal2MP.exe"="C:\Program Files\Postal2STP\System\Postal2MP.exe:*:Enabled:Postal2MP"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012"
"C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Garena Plus\room\garena_room.exe"="C:\Program Files\Garena Plus\room\garena_room.exe:*:Enabled:Garena"
"C:\Program Files\Psygnosis\Rollcage\Direct3D\Rollcage.exe"="C:\Program Files\Psygnosis\Rollcage\Direct3D\Rollcage.exe:*:Enabled:Rollcage Main Game Executable"
"C:\Program Files\Worms Armageddon - New Edition\WA.exe"="C:\Program Files\Worms Armageddon - New Edition\WA.exe:*:Enabled:Worms Armageddon 3.6.31.0"
"C:\KaM Remake\KaM_Remake.exe"="C:\KaM Remake\KaM_Remake.exe:*:Enabled:KaM_Remake"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.lhacm"=lhacm.acm
"VIDC.FPS1"=frapsvid.dll
"VIDC.FMVC"=fmcodec.dll
"VIDC.XFR1"=xfcodec.dll

======List of files/folders created in the last 1 month======

2012-08-31 12:28:52 ----D---- C:\rsit
2012-08-31 11:32:38 ----SHD---- C:\Config.Msi
2012-08-13 22:26:06 ----D---- C:\Program Files\LogMeIn Hamachi
2012-08-11 11:12:12 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

======List of files/folders modified in the last 1 month======

2012-09-03 16:54:42 ----D---- C:\Documents and Settings\ADMIN\Data aplikací\GarenaPlus
2012-09-03 15:34:18 ----D---- C:\Documents and Settings\ADMIN\Data aplikací\Xfire
2012-09-03 00:52:25 ----D---- C:\Program Files\Heroes II
2012-09-01 10:54:41 ----D---- C:\Program Files\Garena Plus
2012-08-31 12:29:19 ----D---- C:\Program Files\trend micro
2012-08-31 12:28:58 ----D---- C:\WINDOWS\Prefetch
2012-08-31 12:28:07 ----D---- C:\WINDOWS\system32\CatRoot
2012-08-31 12:27:41 ----HD---- C:\WINDOWS\inf
2012-08-31 12:27:39 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-31 12:26:12 ----D---- C:\WINDOWS\system32\CatRoot_bak
2012-08-31 12:18:41 ----D---- C:\Documents and Settings\ADMIN\Data aplikací\Skype
2012-08-31 12:17:11 ----D---- C:\WINDOWS\temp
2012-08-31 11:37:22 ----D---- C:\WINDOWS
2012-08-31 11:34:27 ----D---- C:\WINDOWS\system32\drivers
2012-08-31 11:33:05 ----SHD---- C:\WINDOWS\Installer
2012-08-31 11:33:05 ----HD---- C:\$AVG
2012-08-31 11:32:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-31 11:31:55 ----D---- C:\WINDOWS\system32
2012-08-31 11:31:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2012-08-31 11:30:57 ----D---- C:\WINDOWS\system32\drivers\AVG
2012-08-31 01:59:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-31 01:35:53 ----D---- C:\Program Files\Warcraft III
2012-08-31 00:42:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\GarenaMessenger
2012-08-30 13:21:30 ----D---- C:\Documents and Settings\ADMIN\Data aplikací\vlc
2012-08-14 20:29:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-08-14 20:29:10 ----RD---- C:\Program Files\Skype
2012-08-13 22:26:54 ----D---- C:\Documents and Settings\ADMIN\Data aplikací\.minecraft
2012-08-13 22:26:06 ----RD---- C:\Program Files
2012-08-13 22:25:58 ----D---- C:\Documents and Settings\ADMIN\Data aplikací\Hamachi
2012-08-11 11:12:31 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-03-14 473656]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 39936]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-01-13 4137984]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-03-01 13417632]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\WINDOWS\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 project; service tool ; C:\WINDOWS\System32\Drivers\register.sys [2001-11-28 1950]
S3 aljju1j7;aljju1j7; C:\WINDOWS\system32\drivers\aljju1j7.sys []
S3 anmsacn4;anmsacn4; C:\WINDOWS\system32\drivers\anmsacn4.sys []
S3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys []
S3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys []
S3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\ADMIN\LOCALS~1\Temp\USP9.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-07-30 18048]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-07-30 23040]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WsAudioDevice_383;WsAudioDevice_383; C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 1385896]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-07-05 161704]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-02-29 164160]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-03 160944]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 113120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2011-06-15 737016]

-----------------EOF-----------------

Galates
Visitor
Visitor
Posts: 16
Registered: 08 Nov 2011 21:29

Re: AVG crashes right after the computer starts

#2 Post by Galates »

Update: After the automatic Windows update it can now be started, and AVG is updating now too. I'll post a log in a moment.

Galates
Visitor
Visitor
Posts: 16
Registered: 08 Nov 2011 21:29

Re: AVG crashes right after the computer starts

#3 Post by Galates »

It is running, but in an error state. I'm sending a new log, and thank you in advance for all replies.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by ADMIN at 13:56:29 on 2012-08-31
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1022.360 [GMT 2:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Clownfish\Clownfish.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ADMIN\Dokumenty\Stažené soubory\RSIT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.icq.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {055FD26D-3A88-4e15-963D-DC8493744B1D} - No File
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - No File
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [GarenaMessenger] "c:\program files\garena plus\GarenaMessenger.exe" -silentrun
uRun: [Clownfish] "c:\program files\clownfish\Clownfish.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9e.exe
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271965330750
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: Interfaces\{CC6887A6-1EF0-4668-9EAD-FF427347F0FC} : NameServer = 193.85.1.100,193.85.2.100,10.25.8.7,10.25.8.5
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: mdhcp32 - mdhcp32.dll
Notify: WB - c:\program files\stardock\object desktop\thememanager\fastload.dll
Hosts: 188.165.202.62 L2authd.lineage2.com
Hosts: 94.125.180.96 nprotect.lineage2.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\data aplikací\mozilla\firefox\profiles\a0llz3af.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\admin\local settings\data aplikacă­\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-6-27 1385896]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-14 2348352]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-3-2 69120]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2011-5-3 27136]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2011-10-12 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\admin\locals~1\temp\usp9.tmp --> c:\docume~1\admin\locals~1\temp\USP9.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena plus\room\safedrv.sys --> c:\program files\garena plus\room\safedrv.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2010-6-1 16640]
S4 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2011-5-3 737016]
.
=============== Created Last 30 ================
.
2012-08-31 10:58:23 -------- d-----w- c:\documents and settings\admin\local settings\data aplikací\PCHealth
2012-08-13 20:26:34 -------- d-----w- c:\documents and settings\admin\local settings\data aplikací\LogMeIn Hamachi
2012-08-13 20:26:06 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-08-11 09:12:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-08-11 09:12:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 23:01:22 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-16 23:01:22 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-05 20:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 20:06:30 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-05 20:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 13:58:28,81 ===============

Logfile of random's system information tool 1.09 (written by random/random)
Run by ADMIN at 2012-08-31 13:56:12
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 22 GB (10%) free of 233 GB
Total RAM: 1022 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:56:25, on 31.8.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Clownfish\Clownfish.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ADMIN\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\ADMIN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 188.165.202.62 L2authd.lineage2.com
O1 - Hosts: 94.125.180.96 nprotect.lineage2.com
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: (no name) - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [GarenaMessenger] "C:\Program Files\Garena Plus\GarenaMessenger.exe" -silentrun
O4 - HKCU\..\Run: [Clownfish] "C:\Program Files\Clownfish\Clownfish.exe"
O4 - HKUS\S-1-5-21-2000478354-1682526488-725345543-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2000478354-1682526488-725345543-1010\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1965330750
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC6887A6-1EF0-4668-9EAD-FF427347F0FC}: NameServer = 193.85.1.100,193.85.2.100,10.25.8.7,10.25.8.5
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mdhcp32 - mdhcp32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8395 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\a0llz3af.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/ig"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.270 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX® Web Player
"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0]
"Description"=DivX® Content Upload Plugin
"Path"=C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
avg_igeared.xml
crawlersrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\a0llz3af.default\searchplugins\
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05 453544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02 4296864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05 157616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-02-29 15494464]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-03-01 1634112]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-06-27 1996200]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-01-24 2416480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]
"GarenaMessenger"=C:\Program Files\Garena Plus\GarenaMessenger.exe [2012-08-14 7723384]
"Clownfish"=C:\Program Files\Clownfish\Clownfish.exe [2012-07-23 1105144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TunngleService"=2
"MDM"=2
"idsvc"=3
"ICQ Service"=2
"eqckbdmwjwtfwvw"=2
"DAUpdaterSvc"=3
"AVG Security Toolbar Service"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mdhcp32]
mdhcp32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll [2001-12-21 24576]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Rockstar Games\GTA2\gta2.exe"="C:\Program Files\Rockstar Games\GTA2\gta2.exe:*:Enabled:GTA2 main executable"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Warcraft III\War3.exe"="C:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\Program Files\World of Warcraft\WoW-2.0.3-enGB-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enGB-downloader.exe"="C:\Program Files\World of

Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"="C:\Program Files\World of

Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo"
"C:\Program Files\Valve\Steam\SteamApps\titankiller222\condition zero\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\titankiller222\condition zero\hl.exe:*:Enabled:Half-Life

Launcher"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II

Expansion"
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"C:\Program Files\Valve\Steam\SteamApps\titankiller222\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\titankiller222\counter-strike\hl.exe:*:Enabled:Half-Life

Launcher"
"C:\Program Files\Fox\Aliens vs. Predator 2\lithtech.exe"="C:\Program Files\Fox\Aliens vs. Predator 2\lithtech.exe:*:Enabled:Client"
"C:\Program Files\OpenTTD\openttd.exe"="C:\Program Files\OpenTTD\openttd.exe:*:Enabled:OpenTTD"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Cossacks - Napoleonic Wars\Data\engine.exe"="C:\Program Files\Cossacks - Napoleonic Wars\Data\engine.exe:*:Enabled:Cossacks 2: Napoleonic Wars"
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Program Files\Microsoft Games\Age of Empires II\empires2.EXE"="C:\Program Files\Microsoft Games\Age of Empires II\empires2.EXE:*:Enabled:Age of Empires II"
"C:\Program Files\Valve\Steam\SteamApps\titankiller222\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\titankiller222\half-life 2

deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Valve\Steam\SteamApps\titankiller222\source sdk base\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\titankiller222\source sdk base\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\DsNET Corp\aTube Catcher 1.0\smh.exe"="C:\Program Files\DsNET Corp\aTube Catcher 1.0\smh.exe:*:Enabled:Smart Media Hunter 0.7"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The

Battle for Middle-earth(tm) II"
"C:\Program Files\War2Combat\Warcraft II BNE.exe"="C:\Program Files\War2Combat\Warcraft II BNE.exe:*:Enabled:Warcraft II Battle.net Edition"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Documents and Settings\ADMIN\Plocha\Šuplík\Halo 2\halo2.exe"="C:\Documents and Settings\ADMIN\Plocha\Šuplík\Halo 2\halo2.exe:*:Enabled:Halo 2 for Windows Vista"
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"="C:\Program Files\World of

Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="C:\Program Files\World of

Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="C:\Program Files\World of

Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\Program Files\World of

Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Microsoft Games\Age of Mythology\aom.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology"
"C:\Program Files\GMOD10\hl2.exe"="C:\Program Files\GMOD10\hl2.exe:*:Enabled:hl2"
"C:\Program Files\GOG.com\Freespace\FS.exe"="C:\Program Files\GOG.com\Freespace\FS.exe:*:Enabled:FreeSpace"
"C:\Program Files\Activision\Rome - Total War\RomeTW.exe"="C:\Program Files\Activision\Rome - Total War\RomeTW.exe:*:Enabled:Rome: Total War"
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\rc\RAL.EXE"="C:\rc\RAL.EXE:*:Enabled:RAL"
"C:\Program Files\Reality Pump\The Moon Project\TheMoonProject.exe"="C:\Program Files\Reality Pump\The Moon Project\TheMoonProject.exe:*:Enabled:The Moon Project"
"K:\Quake3Arena\Quake III Arena\quake3.exe"="K:\Quake3Arena\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Valve\Steam\SteamApps\titankiller222\zombie panic! source\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\titankiller222\zombie panic!

source\hl2.exe:*:Enabled:Zombie Panic Source"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\GOG.com\Knights and Merchants TPR\KM_TPR.exe"="C:\Program Files\GOG.com\Knights and Merchants TPR\KM_TPR.exe:*:Enabled:KM_TPR"
"C:\Documents and Settings\ADMIN\Plocha\Šuplík\aoe 2\age2_x1.exe"="C:\Documents and Settings\ADMIN\Plocha\Šuplík\aoe 2\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Valve\Steam\SteamApps\common\alien swarm\swarm.exe"="C:\Program Files\Valve\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm"
"C:\Program Files\Valve\Steam\SteamApps\common\alien swarm\srcds.exe"="C:\Program Files\Valve\Steam\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated

Server"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\THQ\Relic Entertainment\Company of Heroes Online\Game\RelicCoHOWW.exe"="C:\Program Files\THQ\Relic Entertainment\Company of Heroes

Online\Game\RelicCoHOWW.exe:*:Enabled:Company of Heroes Online (THQ)"
"C:\Documents and Settings\ADMIN\Local Settings\Apps\2.0\YPO3Y721.AJB\YH3PME35.KBC\coho..tion_4fdd38d166a17713_0001.0001_2ea3ae6aea32b9ef\CoHOLauncher.exe"="C:\Documents and

Settings\ADMIN\Local Settings\Apps\2.0\YPO3Y721.AJB\YH3PME35.KBC\coho..tion_4fdd38d166a17713_0001.0001_2ea3ae6aea32b9ef\CoHOLauncher.exe:*:Enabled:Company of Heroes Online

(THQ)"
"C:\Documents and Settings\All Users\Dokumenty\IL-2 Sturmovik Forgotten Battles\il2fb.exe"="C:\Documents and Settings\All Users\Dokumenty\IL-2 Sturmovik Forgotten

Battles\il2fb.exe:*:Enabled:il2fb"
"C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe"="C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe:*:Enabled:CrazyTalk"
"C:\Program Files\Valve\hlds.exe"="C:\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Valvenonsteam\Valve\hl.exe"="C:\Program Files\Valvenonsteam\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Games\World_of_Tanks\WorldOfTanks.exe"="C:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe"="C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe:*:Enabled:aTube Catcher to download and convert videos."
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Documents and Settings\ADMIN\Plocha\Empire Earth\Empire Earth.exe"="C:\Documents and Settings\ADMIN\Plocha\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Program Files\Tunngle\tnglctrl.exe"="C:\Program Files\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service"
"C:\Program Files\Tunngle\tunngle.exe"="C:\Program Files\Tunngle\tunngle.exe:*:Enabled:Tunngle Client"
"C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe"="C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\rct.exe:*:Enabled:rct"
"C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Team17\Worms World Party\wwp.exe"="C:\Program Files\Team17\Worms World Party\wwp.exe:*:Enabled:Worms World Party"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Documents and Settings\ADMIN\Local Settings\temp\nso10.tmp\BitComet_stats.exe"="C:\Documents and Settings\ADMIN\Local

Settings\temp\nso10.tmp\BitComet_stats.exe:*:Disabled:stats Module"
"C:\Program Files\DAEMON Tools Lite\DTLite.exe"="C:\Program Files\DAEMON Tools Lite\DTLite.exe:*:Enabled:DAEMON Tools Lite"
"C:\Program Files\Microsoft Games\Halo\haloupdate.exe"="C:\Program Files\Microsoft Games\Halo\haloupdate.exe:*:Enabled:Halo Update"
"C:\Program Files\Microsoft Games\Halo\chktrust.exe"="C:\Program Files\Microsoft Games\Halo\chktrust.exe:*:Enabled:Microsoft Trust ChkTrust Utility"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Průzkumník Windows"
"C:\Documents and Settings\ADMIN\Local Settings\temp\_av_sfx.tm~a03796\avast.setup"="C:\Documents and Settings\ADMIN\Local

Settings\temp\_av_sfx.tm~a03796\avast.setup:*:Enabled:avast! antivirus Update"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe:*:Enabled:avast! Antivirus"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\Postal2STP\System\Postal2MP.exe"="C:\Program Files\Postal2STP\System\Postal2MP.exe:*:Enabled:Postal2MP"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012"
"C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Garena Plus\room\garena_room.exe"="C:\Program Files\Garena Plus\room\garena_room.exe:*:Enabled:Garena"
"C:\Program Files\Psygnosis\Rollcage\Direct3D\Rollcage.exe"="C:\Program Files\Psygnosis\Rollcage\Direct3D\Rollcage.exe:*:Enabled:Rollcage Main Game Executable"
"C:\Program Files\Worms Armageddon - New Edition\WA.exe"="C:\Program Files\Worms Armageddon - New Edition\WA.exe:*:Enabled:Worms Armageddon 3.6.31.0"
"C:\KaM Remake\KaM_Remake.exe"="C:\KaM Remake\KaM_Remake.exe:*:Enabled:KaM_Remake"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.lhacm"=lhacm.acm
"VIDC.FPS1"=frapsvid.dll
"VIDC.FMVC"=fmcodec.dll
"VIDC.XFR1"=xfcodec.dll

======List of files/folders created in the last 1 month======

2012-08-31 12:42:28 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2012-08-31 12:40:32 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2012-08-31 12:28:52 ----D---- C:\rsit
2012-08-31 11:32:38 ----SHD---- C:\Config.Msi
2012-08-13 22:26:06 ----D---- C:\Program Files\LogMeIn Hamachi
2012-08-11 11:12:12 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

======List of files/folders modified in the last 1 month======

2012-09-03 16:54:42 ----D---- C:\Documents and Settings\ADMIN\Data aplikací\GarenaPlus
2012-09-03 15:34:18 ----D---- C:\Documents and Settings\ADMIN\Data aplikací\Xfire
2012-09-03 00:52:25 ----D---- C:\Program Files\Heroes II
2012-09-01 10:54:41 ----D---- C:\Program Files\Garena Plus
2012-08-31 13:56:18 ----D---- C:\Program Files\trend micro
2012-08-31 13:54:59 ----D---- C:\Documents and Settings\ADMIN\Data aplikací\Skype
2012-08-31 13:12:30 ----D---- C:\WINDOWS\Microsoft.NET
2012-08-31 13:07:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-31 13:07:21 ----SHD---- C:\WINDOWS\Installer
2012-08-31 13:07:21 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-31 13:07:20 ----D---- C:\WINDOWS\system32
2012-08-31 13:06:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2012-08-31 13:05:41 ----D---- C:\WINDOWS\system32\drivers\AVG
2012-08-31 13:01:35 ----D---- C:\WINDOWS\temp
2012-08-31 12:59:58 ----RSD---- C:\WINDOWS\assembly
2012-08-31 12:55:48 ----D---- C:\WINDOWS
2012-08-31 12:52:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-31 12:43:05 ----HD---- C:\WINDOWS\inf
2012-08-31 12:43:02 ----D---- C:\WINDOWS\ie8updates
2012-08-31 12:42:59 ----HD---- C:\WINDOWS\$hf_mig$
2012-08-31 12:42:55 ----D---- C:\WINDOWS\Prefetch
2012-08-31 12:42:45 ----A---- C:\WINDOWS\imsins.BAK
2012-08-31 12:42:40 ----D---- C:\WINDOWS\system32\CatRoot
2012-08-31 12:40:02 ----HD---- C:\$AVG
2012-08-31 12:40:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG2012
2012-08-31 12:35:26 ----D---- C:\WINDOWS\system32\CatRoot_bak
2012-08-31 11:34:27 ----D---- C:\WINDOWS\system32\drivers
2012-08-31 01:35:53 ----D---- C:\Program Files\Warcraft III
2012-08-31 00:42:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\GarenaMessenger
2012-08-30 13:21:30 ----D---- C:\Documents and Settings\ADMIN\Data aplikací\vlc
2012-08-14 20:29:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-08-14 20:29:10 ----RD---- C:\Program Files\Skype
2012-08-13 22:26:54 ----D---- C:\Documents and Settings\ADMIN\Data aplikací\.minecraft
2012-08-13 22:26:06 ----RD---- C:\Program Files
2012-08-13 22:25:58 ----D---- C:\Documents and Settings\ADMIN\Data aplikací\Hamachi
2012-08-11 11:12:31 ----SD---- C:\WINDOWS\Tasks
2012-08-03 04:46:56 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-03-14 473656]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 39936]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-01-13 4137984]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-03-01 13417632]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\WINDOWS\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 project; service tool ; C:\WINDOWS\System32\Drivers\register.sys [2001-11-28 1950]
S3 amf4njj5;amf4njj5; C:\WINDOWS\system32\drivers\amf4njj5.sys []
S3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys []
S3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys []
S3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys []
S3 axw45569;axw45569; C:\WINDOWS\system32\drivers\axw45569.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\ADMIN\LOCALS~1\Temp\USP9.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-07-30 18048]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-07-30 23040]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WsAudioDevice_383;WsAudioDevice_383; C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 1385896]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-07-05 161704]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-02-29 164160]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-03 160944]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 113120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2011-06-15 737016]

-----------------EOF-----------------

Galates
Visitor
Posts: 16
Joined: 08 Nov 2011 21:29

Re: AVG crashes right after the computer starts

#4 Post by Galates »

bump

Galates
Visitor
Posts: 16
Joined: 08 Nov 2011 21:29

Re: AVG crashes right after the computer starts

#5 Post by Galates »

Sorry for the spam, but I really don't understand why my problem is being ignored. Is it possible that I'm doing something wrong? If the topic is displayed incorrectly, or I gave the wrong title or logs or something similar, then I apologize, but I feel ignored by the advisers... Thanks again in advance for any replies :?:

tuvok07
Friend of the forum
Posts: 1198
Joined: 07 Mar 2007 17:10

Re: AVG crashes right after the computer starts

#6 Post by tuvok07 »

Advisers and moderators first check posts without replies, and you have written several posts; besides, it's the weekend. We do this here in our free time and for free, and you are far from the only one.
Hang on, I'll report you to someone :)
Albert Einstein: Only two things are infinite - the universe and human stupidity. And I'm not so sure about the former.

Galates
Visitor
Posts: 16
Joined: 08 Nov 2011 21:29

Re: AVG crashes right after the computer starts

#7 Post by Galates »

Thanks, I certainly don't want to offend the advisers or beg for answers, I was just confused that a lot of problems had already been answered and mine got buried. I understand there are a lot of questions and it's the weekend on top of that, I apologize :worship:

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: AVG crashes right after the computer starts

#8 Post by Roli »

Hi, as tuvok07 wrote, it takes patience, and don't add replies to your own posts.

Once we have this sorted out, install Service Pack 3.

By the way, AVG is not exactly the best choice.

Fix these in HJT:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - (no file)
O3 - Toolbar: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-21-2000478354-1682526488-725345543-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2000478354-1682526488-725345543-1010\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O20 - Winlogon Notify: mdhcp32 - mdhcp32.dll (file missing)


You will find HJT here:

C:\Program Files\trend micro\ADMIN.exe

Fix means that you run HJT as admin,

in the window that opens, click Do a system scan only,

in the next window, find the lines I listed for you,

next to each of them is a box, which you tick,

then click Fix checked at the bottom left,

the program will ask whether you really want to; you of course agree with YES, and it's done.


Via Start >> Run >> type services.msc >> OK. Find the service:

Mozilla Maintenance Service

NVIDIA Update Service Daemon

Skype Updater


right-click it, choose Properties, on the next tab first stop the service with the Stop button, and for Startup type choose Disabled.


Delete unneeded files

using CCleaner

instructions:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Then use Mbam from my signature and post its log here; do not delete anything beforehand!!!
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Galates
Visitor
Posts: 16
Joined: 08 Nov 2011 21:29

Re: AVG crashes right after the computer starts

#9 Post by Galates »

Thanks a lot for the reply.

Unfortunately I already installed the Service Pack last night; hopefully it won't significantly affect the problem.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Verze databáze: v2012.09.01.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ADMIN :: PP2 [administrátor]

1.9.2012 20:40:07
mbam-log-2012-09-01 (20-52-56).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 226551
Uplynulý čas: 12 minut, 11 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 4
C:\Documents and Settings\ADMIN\Data aplikací\avdrn.dat (Malware.Trace) -> Žádná instrukce nebyla provedena.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\LocalService\Local Settings\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\NetworkService\Local Settings\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Žádná instrukce nebyla provedena.

(konec)

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: AVG crashes right after the computer starts

#10 Post by Roli »

It doesn't matter that you've already installed Service Pack 3.

Run Mbam again and let it delete what it found.

Now we'll use a bigger caliber, so read carefully, because this little piece of software doesn't tolerate mistakes.


Download ComboFix and save it to the desktop,

run the application as Administrator and allow installation of the Recovery Console.

Then a window with the license terms appears, which you confirm by clicking YES,

then click YES once more and it's running.

The whole thing takes around 10 minutes but can take longer; don't try to run anything else during the scan.

The PC may also be restarted during the scan; don't be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because Combofix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Galates
Visitor
Posts: 16
Joined: 08 Nov 2011 21:29

Re: AVG crashes right after the computer starts

#11 Post by Galates »

ComboFix 12-08-31.08 - ADMIN 01.09.2012 22:27:03.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.625 [GMT 2:00]
Spuštěný z: c:\documents and settings\ADMIN\Dokumenty\Stažené soubory\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ADMIN\WINDOWS
c:\windows\$NtUninstallKB43635$
c:\windows\$NtUninstallKB43635$\1582500831\@
c:\windows\$NtUninstallKB43635$\1582500831\click.tlb
c:\windows\$NtUninstallKB43635$\1582500831\L\nldernqo
c:\windows\$NtUninstallKB43635$\1582500831\loader.tlb
c:\windows\$NtUninstallKB43635$\1582500831\U\@00000001
c:\windows\$NtUninstallKB43635$\1582500831\U\@000000c0
c:\windows\$NtUninstallKB43635$\1582500831\U\@000000cb
c:\windows\$NtUninstallKB43635$\1582500831\U\@000000cf
c:\windows\$NtUninstallKB43635$\1582500831\U\@80000000
c:\windows\$NtUninstallKB43635$\1582500831\U\@800000c0
c:\windows\$NtUninstallKB43635$\1582500831\U\@800000cb
c:\windows\$NtUninstallKB43635$\1582500831\U\@800000cf
c:\windows\$NtUninstallKB43635$\71059589
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\System\advapi32.dll
c:\windows\system32\
c:\windows\system32\shimg.dll
c:\windows\system32\TZLog.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-01 do 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-09-01 16:05 . 2012-09-01 16:05 -------- d-----w- C:\0db436eca674c5491c0091d591e9
2012-09-01 16:04 . 2012-09-01 16:04 -------- d-----w- c:\documents and settings\ADMIN\Data aplikací\Malwarebytes
2012-09-01 16:03 . 2012-09-01 16:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-09-01 16:03 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 16:03 . 2012-09-01 16:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-01 15:34 . 2012-09-01 15:35 -------- d-----w- c:\program files\CCleaner
2012-09-01 04:29 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-09-01 04:29 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2012-09-01 04:25 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-09-01 04:23 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-09-01 04:20 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-09-01 04:20 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-09-01 04:18 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-09-01 04:16 . 2012-07-02 17:38 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-09-01 04:12 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-09-01 04:11 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-08-31 15:25 . 2012-08-31 15:25 -------- d-----w- c:\windows\l2schemas
2012-08-31 15:25 . 2012-08-31 15:25 -------- d-----w- c:\windows\system32\cs
2012-08-31 15:25 . 2012-08-31 15:25 -------- d-----w- c:\windows\system32\bits
2012-08-31 15:11 . 2012-08-31 15:11 -------- d-----w- c:\windows\EHome
2012-08-31 15:00 . 2012-08-31 15:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-31 10:58 . 2012-08-31 10:58 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Data aplikací\PCHealth
2012-08-31 10:28 . 2012-08-31 10:29 -------- d-----w- C:\rsit
2012-08-13 20:26 . 2012-09-01 20:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2012-08-13 20:26 . 2012-09-01 15:40 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Data aplikací\LogMeIn Hamachi
2012-08-13 20:26 . 2012-08-13 20:26 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-08-11 09:12 . 2012-08-11 09:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-11 09:12 . 2011-07-11 19:15 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 23:01 . 2012-07-16 23:01 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-16 23:01 . 2012-07-16 23:01 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-05 20:07 . 2012-07-07 18:54 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 20:06 . 2012-07-07 18:54 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-05 20:06 . 2012-01-01 21:44 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 14:05 . 2006-12-19 14:43 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2006-03-02 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-07-17 21:44 . 2011-05-06 22:19 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
2012-07-23 07:11 1105144 ----a-w- c:\program files\Clownfish\Clownfish.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:06 3481408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaMessenger]
2012-08-14 11:02 7723384 ----a-w- c:\program files\Garena Plus\GarenaMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-06-27 10:29 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-02-29 23:58 1634112 ----a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TunngleService"=2 (0x2)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"ICQ Service"=2 (0x2)
"eqckbdmwjwtfwvw"=2 (0x2)
"DAUpdaterSvc"=3 (0x3)
"AVG Security Toolbar Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Rockstar Games\\GTA2\\gta2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Fox\\Aliens vs. Predator 2\\lithtech.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Cossacks - Napoleonic Wars\\Data\\engine.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.EXE"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\War2Combat\\Warcraft II BNE.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\Šuplík\\Halo 2\\halo2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\GMOD10\\hl2.exe"=
"c:\\Program Files\\GOG.com\\Freespace\\FS.exe"=
"c:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\rc\\RAL.EXE"=
"c:\\Program Files\\Reality Pump\\The Moon Project\\TheMoonProject.exe"=
"c:\\Program Files\\GOG.com\\Knights and Merchants TPR\\KM_TPR.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\Šuplík\\aoe 2\\age2_x1.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\THQ\\Relic Entertainment\\Company of Heroes Online\\Game\\RelicCoHOWW.exe"=
"c:\\Documents and Settings\\ADMIN\\Local Settings\\Apps\\2.0\\YPO3Y721.AJB\\YH3PME35.KBC\\coho..tion_4fdd38d166a17713_0001.0001_2ea3ae6aea32b9ef\\CoHOLauncher.exe"=
"c:\\Documents and Settings\\All Users\\Dokumenty\\IL-2 Sturmovik Forgotten Battles\\il2fb.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Valvenonsteam\\Valve\\hl.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Tunngle\\tnglctrl.exe"=
"c:\\Program Files\\Tunngle\\tunngle.exe"=
"c:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe"=
"c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\\Program Files\\Team17\\Worms World Party\\wwp.exe"=
"c:\\Program Files\\DAEMON Tools Lite\\DTLite.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\haloupdate.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\chktrust.exe"=
"c:\\Documents and Settings\\ADMIN\\Local Settings\\temp\\_av_sfx.tm~a03796\\avast.setup"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Postal2STP\\System\\Postal2MP.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Garena Plus\\room\\garena_room.exe"=
"c:\\Program Files\\Psygnosis\\Rollcage\\Direct3D\\Rollcage.exe"=
"c:\\Program Files\\Worms Armageddon - New Edition\\WA.exe"=
"c:\\KaM Remake\\KaM_Remake.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"20807:TCP"= 20807:TCP:BitComet 20807 TCP
"20807:UDP"= 20807:UDP:BitComet 20807 UDP
"6115:TCP"= 6115:TCP:TCP Port 6115
"6112:TCP"= 6112:TCP:TCP Port 6112
"6113:TCP"= 6113:TCP:TCP Port 6113
"6114:TCP"= 6114:TCP:TCP Port 6114
"6116:TCP"= 6116:TCP:TCP Port 6116
"6117:TCP"= 6117:TCP:TCP Port 6117
"6118:TCP"= 6118:TCP:TCP Port 6118
"6119:TCP"= 6119:TCP:TCP Port 6119
"6120:TCP"= 6120:TCP:TCP Port 6120
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 7:30 32592]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 7:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 2:14 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 7:09 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [27.6.2012 12:29 1385896]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [3.5.2011 22:56 27136]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [12.10.2011 7:25 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMIN\LOCALS~1\Temp\USP9.tmp --> c:\docume~1\ADMIN\LOCALS~1\Temp\USP9.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [1.6.2010 20:42 16640]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [3.5.2012 18:45 113120]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [14.3.2012 1:08 2348352]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 13:19 160944]
S4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [3.5.2011 22:56 737016]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - project
.
.
------- Doplňkový sken -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: Interfaces\{CC6887A6-1EF0-4668-9EAD-FF427347F0FC}: NameServer = 193.85.1.100,193.85.2.100,10.25.8.7,10.25.8.5
FF - ProfilePath - c:\documents and settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\a0llz3af.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-01 22:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ADMIN\LOCALS~1\Temp\USP9.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,96,ea,b1,f2,5b,37,4f,ab,46,6d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,96,ea,b1,f2,5b,37,4f,ab,46,6d,\
.
[HKEY_USERS\S-1-5-21-2000478354-1682526488-725345543-1006\Software\SecuROM\License information*]
"datasecu"=hex:1c,b1,8f,db,ad,aa,df,2e,93,5a,3e,79,a3,9a,d7,f5,a5,2d,10,60,3c,
ee,14,ca,a3,d2,c3,46,cd,a8,44,5e,4e,bc,06,2b,1f,ff,1f,4e,ff,28,d4,7a,3d,ed,\
"rkeysecu"=hex:71,fd,f4,2e,51,e1,fc,3d,f0,e1,a2,91,5e,9c,9e,55
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
- - - - - - - > 'explorer.exe'(2284)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
.
**************************************************************************
.
Celkový čas: 2012-09-01 22:50:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-01 20:50
.
Před spuštěním: Volných bajtů: 20 820 615 168
Po spuštění: Volných bajtů: 20 949 958 656
.
- - End Of File - - 80EC5710C69C640465C651D4495BE825

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: AVG crashes right after the computer starts

#12 Post by Roli »

If you haven't done so already, move Combofix to the Desktop

open Notepad

copy the script from the following box into it:

Code:

File::  
c:\docume~1\ADMIN\LOCALS~1\Temp\USP9.tmp

Folder::
c:\Documents and Settings\\ADMIN\\Local Settings\\temp\\_av_sfx.tm~a03796\\avast.setup

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mdhcp32]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"eqckbdmwjwtfwvw"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\ADMIN\\Local Settings\\temp\\_av_sfx.tm~a03796\\avast.setup"=-
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"=-

save the TXT file you created as CFScript.txt on the desktop,

after saving, grab the created script with the left mouse button and drag it onto the Combofix icon, where you drop it.

After it has been applied, another log will pop out at you; copy it here

Warning: it may happen that after the script is applied and the machine restarts, Windows does not boot;

in that case restart again while pressing F8, then choose Last Known Good Configuration
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Galates
Visitor
Posts: 16
Joined: 08 Nov 2011 21:29

Re: AVG crashes right after the computer starts

#13 Post by Galates »

ComboFix 12-08-31.08 - ADMIN 03.09.2012 8:58.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.399 [GMT 2:00]
Spuštěný z: c:\documents and settings\ADMIN\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\ADMIN\Plocha\CFScript.txt
AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\docume~1\ADMIN\LOCALS~1\Temp\USP9.tmp"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-03 do 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-01 16:05 . 2012-09-01 16:05 -------- d-----w- C:\0db436eca674c5491c0091d591e9
2012-09-01 16:04 . 2012-09-01 16:04 -------- d-----w- c:\documents and settings\ADMIN\Data aplikací\Malwarebytes
2012-09-01 16:03 . 2012-09-01 16:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-09-01 16:03 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 16:03 . 2012-09-01 16:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-01 15:34 . 2012-09-01 15:35 -------- d-----w- c:\program files\CCleaner
2012-09-01 04:29 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-09-01 04:29 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2012-09-01 04:25 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-09-01 04:23 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-09-01 04:20 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-09-01 04:20 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-09-01 04:18 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-09-01 04:16 . 2012-07-02 17:38 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-09-01 04:12 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-09-01 04:11 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-08-31 15:25 . 2012-08-31 15:25 -------- d-----w- c:\windows\l2schemas
2012-08-31 15:25 . 2012-08-31 15:25 -------- d-----w- c:\windows\system32\cs
2012-08-31 15:25 . 2012-08-31 15:25 -------- d-----w- c:\windows\system32\bits
2012-08-31 15:11 . 2012-08-31 15:11 -------- d-----w- c:\windows\EHome
2012-08-31 15:00 . 2012-08-31 15:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-31 10:58 . 2012-08-31 10:58 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Data aplikací\PCHealth
2012-08-31 10:28 . 2012-08-31 10:29 -------- d-----w- C:\rsit
2012-08-13 20:26 . 2012-09-03 07:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2012-08-13 20:26 . 2012-09-01 15:40 -------- d-----w- c:\documents and settings\ADMIN\Local Settings\Data aplikací\LogMeIn Hamachi
2012-08-13 20:26 . 2012-08-13 20:26 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-08-11 09:12 . 2012-09-02 11:57 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-02 11:57 . 2011-07-11 19:15 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 23:01 . 2012-07-16 23:01 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-16 23:01 . 2012-07-16 23:01 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-06 13:58 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-05 20:07 . 2012-07-07 18:54 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 20:06 . 2012-07-07 18:54 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-05 20:06 . 2012-01-01 21:44 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 14:05 . 2006-12-19 14:43 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2006-03-02 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:49 . 2009-08-19 15:07 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-07-17 21:44 . 2011-05-06 22:19 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
2012-07-23 07:11 1105144 ----a-w- c:\program files\Clownfish\Clownfish.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-02-13 08:06 3481408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaMessenger]
2012-08-14 11:02 7723384 ----a-w- c:\program files\Garena Plus\GarenaMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-06-27 10:29 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-02-29 23:58 1634112 ----a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TunngleService"=2 (0x2)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"ICQ Service"=2 (0x2)
"DAUpdaterSvc"=3 (0x3)
"AVG Security Toolbar Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Rockstar Games\\GTA2\\gta2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Fox\\Aliens vs. Predator 2\\lithtech.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Cossacks - Napoleonic Wars\\Data\\engine.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.EXE"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\War2Combat\\Warcraft II BNE.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\Šuplík\\Halo 2\\halo2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\GMOD10\\hl2.exe"=
"c:\\Program Files\\GOG.com\\Freespace\\FS.exe"=
"c:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\rc\\RAL.EXE"=
"c:\\Program Files\\Reality Pump\\The Moon Project\\TheMoonProject.exe"=
"c:\\Program Files\\GOG.com\\Knights and Merchants TPR\\KM_TPR.exe"=
"c:\\Documents and Settings\\ADMIN\\Plocha\\Šuplík\\aoe 2\\age2_x1.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\THQ\\Relic Entertainment\\Company of Heroes Online\\Game\\RelicCoHOWW.exe"=
"c:\\Documents and Settings\\ADMIN\\Local Settings\\Apps\\2.0\\YPO3Y721.AJB\\YH3PME35.KBC\\coho..tion_4fdd38d166a17713_0001.0001_2ea3ae6aea32b9ef\\CoHOLauncher.exe"=
"c:\\Documents and Settings\\All Users\\Dokumenty\\IL-2 Sturmovik Forgotten Battles\\il2fb.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Valvenonsteam\\Valve\\hl.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Tunngle\\tnglctrl.exe"=
"c:\\Program Files\\Tunngle\\tunngle.exe"=
"c:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\rct.exe"=
"c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\\Program Files\\Team17\\Worms World Party\\wwp.exe"=
"c:\\Program Files\\DAEMON Tools Lite\\DTLite.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\haloupdate.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\chktrust.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Postal2STP\\System\\Postal2MP.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Garena Plus\\room\\garena_room.exe"=
"c:\\Program Files\\Psygnosis\\Rollcage\\Direct3D\\Rollcage.exe"=
"c:\\Program Files\\Worms Armageddon - New Edition\\WA.exe"=
"c:\\KaM Remake\\KaM_Remake.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"20807:TCP"= 20807:TCP:BitComet 20807 TCP
"20807:UDP"= 20807:UDP:BitComet 20807 UDP
"6115:TCP"= 6115:TCP:TCP Port 6115
"6112:TCP"= 6112:TCP:TCP Port 6112
"6113:TCP"= 6113:TCP:TCP Port 6113
"6114:TCP"= 6114:TCP:TCP Port 6114
"6116:TCP"= 6116:TCP:TCP Port 6116
"6117:TCP"= 6117:TCP:TCP Port 6117
"6118:TCP"= 6118:TCP:TCP Port 6118
"6119:TCP"= 6119:TCP:TCP Port 6119
"6120:TCP"= 6120:TCP:TCP Port 6120
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 7:30 32592]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.10.2011 7:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 2:14 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2.8.2011 7:09 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [27.6.2012 12:29 1385896]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [3.5.2011 22:56 27136]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [12.10.2011 7:25 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 GarenaPEngine;GarenaPEngine; [x]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [1.6.2010 20:42 16640]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [3.5.2012 18:45 113120]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [14.3.2012 1:08 2348352]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 13:19 160944]
S4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [3.5.2011 22:56 737016]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - project
.
.
------- Doplňkový sken -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: Interfaces\{CC6887A6-1EF0-4668-9EAD-FF427347F0FC}: NameServer = 193.85.1.100,193.85.2.100,10.25.8.7,10.25.8.5
FF - ProfilePath - c:\documents and settings\ADMIN\Data aplikací\Mozilla\Firefox\Profiles\a0llz3af.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-03 09:12
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,96,ea,b1,f2,5b,37,4f,ab,46,6d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,96,ea,b1,f2,5b,37,4f,ab,46,6d,\
.
[HKEY_USERS\S-1-5-21-2000478354-1682526488-725345543-1006\Software\SecuROM\License information*]
"datasecu"=hex:1c,b1,8f,db,ad,aa,df,2e,93,5a,3e,79,a3,9a,d7,f5,a5,2d,10,60,3c,
ee,14,ca,a3,d2,c3,46,cd,a8,44,5e,4e,bc,06,2b,1f,ff,1f,4e,ff,28,d4,7a,3d,ed,\
"rkeysecu"=hex:71,fd,f4,2e,51,e1,fc,3d,f0,e1,a2,91,5e,9c,9e,55
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
- - - - - - - > 'explorer.exe'(3880)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2012-09-03 09:15:33
ComboFix-quarantined-files.txt 2012-09-03 07:15
ComboFix2.txt 2012-09-01 20:50
.
Před spuštěním: Volných bajtů: 18 558 484 480
Po spuštění: Volných bajtů: 18 541 334 528
.
- - End Of File - - B81C704AD5ED1D26A08DA5DE85BCA799

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: AVG crashes right after the computer starts

#14 Post by Roli »

Via Start >> Run, copy the following into the box:

ComboFix /Uninstall

and press Enter.

This uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.


Then run the PC through Mbam once more, but this time choose Full scan, and again post the log here before you delete anything.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

Galates
Visitor
Posts: 16
Registered: 08 Nov 2011 21:29

Re: AVG crashes right after the computer starts

#15 Post by Galates »

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Verze databáze: v2012.09.01.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ADMIN :: PP2 [administrátor]

4.9.2012 10:45:41
mbam-log-2012-09-04 (12-44-57).txt

Typ: Úplná kontrola (C:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 483803
Uplynulý čas: 1 hodin, 59 minut, 1 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
C:\Documents and Settings\ADMIN\Dokumenty\Stažené soubory\SoftonicDownloader_for_tunngle.exe (PUP.OfferBundler.ST) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\Dokumenty\Sony vegas pro\svpcz\Keygen.exe (RiskWare.Tool.CK) -> Žádná instrukce nebyla provedena.

(konec)
