
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Slow PC startup
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, lately my PC has been taking a long time to start. Please check the log. Thank you.
Logfile of random's system information tool 1.07 (written by random/random)
Run by Petrik at 2010-06-12 08:29:56
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 21 GB (43%) free of 50 GB
Total RAM: 2047 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:30:00, on 12.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Games\Far Cry 2\bin\FAH.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Dodatki\Total CMA Pack\TOTALCMD.EXE
E:\Instal\Rozne\RSIT.exe
C:\Program Files\trend micro\Petrik.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\AutoCAD LT 2010\AdComFolderWatch.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\AutoCAD LT 2010\AdComFolderWatch.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\AutoCAD LT 2010\AdComFolderWatch.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\AutoCAD LT 2010\AdComFolderWatch.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\AutoCAD LT 2010\AdComFolderWatch.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\AutoCAD LT 2010\AdComFolderWatch.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\AutoCAD LT 2010\AdComFolderWatch.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FAH@E:+Games+Far Cry 2+bin+FAH.exe - Stanford University - E:\Games\Far Cry 2\bin\FAH.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
--
End of file - 8655 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\NSSstub.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1229272821-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1229272821-839522115-1003.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5904DAD7-8206-4EB9-AD5D-CE152DF6FAE4}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-06-26 1215488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
Softonic English Toolbar - C:\Program Files\Softonic_English\tbSof0.dll [2010-05-11 2515552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-06-26 1215488]
{930f1200-f5f1-4870-bac6-e233ec8e7023} - Softonic English Toolbar - C:\Program Files\Softonic_English\tbSof0.dll [2010-05-11 2515552]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-03 98304]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-05-13 202256]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-04-07 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\Games\Counter-Strike\hl.exe"="E:\Games\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"E:\Games\Crysis\Bin32\Crysis.exe"="E:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Games\MotoGP 08\Launcher.exe"="E:\Games\MotoGP 08\Launcher.exe:*:Enabled:MotoGP 08"
"E:\Games\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe"="E:\Games\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:*:Enabled:R6Vegas2_Game"
"E:\Games\Pure\Pure.exe"="E:\Games\Pure\Pure.exe:*:Enabled:Pure"
"E:\Games\RFactor 2008\rFactor.exe"="E:\Games\RFactor 2008\rFactor.exe:*:Enabled:rFactor"
"E:\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="E:\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"E:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="E:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"E:\Games\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="E:\Games\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"E:\Games\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="E:\Games\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"
"E:\Games\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="E:\Games\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"
"C:\Program Files\Infogrames\Grand Prix 4 2009\GP4.exe"="C:\Program Files\Infogrames\Grand Prix 4 2009\GP4.exe:*:Enabled:GP4"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"F:\program files\Eidos\Battlestations Pacific\bsp.exe"="F:\program files\Eidos\Battlestations Pacific\bsp.exe:*:Enabled:Battlestations: Pacific"
"E:\Games\Battlestations Pacific\bsp.exe"="E:\Games\Battlestations Pacific\bsp.exe:*:Enabled:Battlestations: Pacific"
"E:\Games\ArmA 2\arma2.exe"="E:\Games\ArmA 2\arma2.exe:*:Enabled:ArmA 2"
"E:\Games\Grand Prix 4 2009\GP4.exe"="E:\Games\Grand Prix 4 2009\GP4.exe:*:Enabled:GP4"
"C:\Program Files\GBM\GRemote Pro\GRemoteServer.exe"="C:\Program Files\GBM\GRemote Pro\GRemoteServer.exe:*:Enabled:GRemoteServer Pro"
"E:\Games\NBA 2K10\nba2k10.exe"="E:\Games\NBA 2K10\nba2k10.exe:*:Enabled:2K Sports NBA 2K10"
"E:\Games\OF Dragon Rising\OFDR.exe"="E:\Games\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising"
"E:\Games\Pro Evolution Soccer 2010\pes2010.exe"="E:\Games\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"E:\Games\Call of Duty Modern Warfare 2\iw4sp.exe"="E:\Games\Call of Duty Modern Warfare 2\iw4sp.exe:*:Enabled:iw4sp"
"E:\Games\Call of Duty Modern Warfare 2\iw4mp.exe"="E:\Games\Call of Duty Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"E:\Games\DiRT2\dirt2_game.exe"="E:\Games\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"E:\Games\Battlefield Bad Company 2\BFBC2Updater.exe"="E:\Games\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"E:\Games\Assassin's Creed II\AssassinsCreedIIGame.exe"="E:\Games\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"E:\Games\Assassin's Creed II\AssassinsCreedII.exe"="E:\Games\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"E:\Games\Assassin's Creed II\UPlayBrowser.exe"="E:\Games\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"E:\Instal\uTorrent\Stiahnute\Assassins Creed 2 - crack\Assassins Creed II - Emulator\server.exe"="E:\Instal\uTorrent\Stiahnute\Assassins Creed 2 - crack\Assassins Creed II - Emulator\server.exe:*:Enabled:server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31a29d55-146a-11dd-a51c-001e8c8ba1e7}]
shell\AutoRun\command - G:\LaunchU3.exe -a
======File associations======
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-06-12 08:29:56 ----D---- C:\rsit
2010-06-12 08:21:47 ----D---- C:\Program Files\trend micro
2010-06-10 11:09:01 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 11:08:55 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-10 11:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 11:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 11:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 11:05:20 ----A---- C:\WINDOWS\imsins.BAK
2010-06-10 11:05:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-05-29 09:49:34 ----D---- C:\Documents and Settings\Petrik\Application Data\RigNRoll_eng
2010-05-29 09:40:48 ----RA---- C:\WINDOWS\system32\tmp21A.tmp
2010-05-29 09:40:47 ----RA---- C:\WINDOWS\system32\tmp219.tmp
2010-05-26 11:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-13 20:55:13 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-05-13 20:55:09 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-05-13 20:55:09 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-05-13 20:55:01 ----D---- C:\Program Files\Common Files\xing shared
2010-05-13 20:54:47 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-05-13 20:54:46 ----D---- C:\Program Files\Real
2010-05-13 20:54:45 ----D---- C:\Documents and Settings\All Users\Application Data\Real
======List of files/folders modified in the last 1 months======
2010-06-12 08:29:56 ----D---- C:\WINDOWS\Temp
2010-06-12 08:24:41 ----D---- C:\Documents and Settings\Petrik\Application Data\uTorrent
2010-06-12 08:23:11 ----D---- C:\WINDOWS\Prefetch
2010-06-12 08:21:47 ----D---- C:\Program Files
2010-06-12 07:56:22 ----HD---- C:\WINDOWS\inf
2010-06-12 07:56:21 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-11 21:58:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-10 12:27:30 ----D---- C:\WINDOWS
2010-06-10 11:40:12 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-10 11:39:54 ----RSD---- C:\WINDOWS\assembly
2010-06-10 11:25:17 ----D---- C:\WINDOWS\system32
2010-06-10 11:09:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-10 11:08:54 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-10 11:08:49 ----SHD---- C:\Config.Msi
2010-06-10 11:08:43 ----SHD---- C:\WINDOWS\Installer
2010-06-10 11:07:45 ----D---- C:\Program Files\Internet Explorer
2010-06-10 11:04:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-10 11:04:06 ----D---- C:\WINDOWS\WinSxS
2010-06-04 23:24:49 ----D---- C:\Documents and Settings\Petrik\Application Data\Skype
2010-06-04 16:04:31 ----D---- C:\Documents and Settings\Petrik\Application Data\skypePM
2010-06-02 10:19:14 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-29 09:40:47 ----D---- C:\WINDOWS\system32\DirectX
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-26 18:12:37 ----D---- C:\Program Files\Mozilla Firefox
2010-05-20 17:13:46 ----D---- C:\WINDOWS\system32\config
2010-05-20 06:38:35 ----D---- C:\Program Files\uTorrent
2010-05-13 20:55:56 ----SD---- C:\WINDOWS\Tasks
2010-05-13 20:55:53 ----D---- C:\Documents and Settings\Petrik\Application Data\Real
2010-05-13 20:55:16 ----D---- C:\Program Files\Common Files\Real
2010-05-13 20:55:01 ----D---- C:\Program Files\Common Files
2010-05-13 20:54:47 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-05-13 18:36:39 ----D---- C:\WINDOWS\Debug
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-11-09 59388]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-03-17 279712]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-03-17 25888]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-04-07 4687872]
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2003-08-07 6528]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S1 ovfsthafkmlkjtydcxxujyutvnhamtveoxuxtk;ovfsthafkmlkjtydcxxujyutvnhamtveoxuxtk; C:\WINDOWS\system32\drivers\ovfstheawaeabhowttuvjeqneyoflvohdelrdn.sys []
S3 aaqcusy5;aaqcusy5; C:\WINDOWS\system32\drivers\aaqcusy5.sys []
S3 AteksoftAudio;WebCamera Plus Audio; C:\WINDOWS\system32\drivers\ateksoftaudio.sys [2007-12-18 11776]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-04-01 93184]
S3 catchme;catchme; \??\C:\DOCUME~1\Petrik\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ddsxeiservice;ddsxeiservice2; \??\C:\Program Files\sXe Injected\ddsxei.sys []
S3 DSGACommsDriver;DSGACommsDriver; \??\C:\WINDOWS\system32\drivers\DSGACommsDriver.sys []
S3 DSGAFilterDriver;DSGAFilterDriver; \??\C:\WINDOWS\system32\drivers\DSGAFilterDriver.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 GRemoteBus;GRemote virtual joystick Bus Enumerator; C:\WINDOWS\system32\DRIVERS\GRemoteBus.sys [2009-08-05 23368]
S3 GRemoteJoy;GRemote virtual joystick Device Driver; C:\WINDOWS\system32\DRIVERS\GRemoteJoy.sys [2009-08-05 39112]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
S3 PPortJoystick;Parallel Port Joystick device driver; C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 28800]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM); C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-01-04 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-01-04 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-01-04 97088]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-04-07 602112]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 FAH@E:+Games+Far Cry 2+bin+FAH.exe;FAH@E:+Games+Far Cry 2+bin+FAH.exe; E:\Games\Far Cry 2\bin\FAH.exe [2008-10-05 253952]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-05-18 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-31 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-25 593920]
S2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-19 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-05-18 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-31 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-25 593920]
S2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-19 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119412
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC startup
Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after launch, a screen with the licence terms appears; continue by clicking the Yes button.
relax and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)
note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, undesirable conflicts with the antispyware's resident component occur
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Slow PC startup
ComboFix 10-06-11.01 - Petrik 12.06.2010 21:57:35.7.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1608 [GMT 2:00]
Running from: c:\documents and settings\Petrik\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\extensions\{54130DE8-75E8-43BA-A8B0-FDC56BFD56FA}
c:\program files\Mozilla Firefox\extensions\{54130DE8-75E8-43BA-A8B0-FDC56BFD56FA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{54130DE8-75E8-43BA-A8B0-FDC56BFD56FA}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{54130DE8-75E8-43BA-A8B0-FDC56BFD56FA}\install.rdf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ovfsthafkmlkjtydcxxujyutvnhamtveoxuxtk
-------\Service_ovfsthafkmlkjtydcxxujyutvnhamtveoxuxtk
((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))
.
2010-06-12 06:29 . 2010-06-12 06:30 -------- d-----w- C:\rsit
2010-06-12 06:21 . 2010-06-12 06:30 -------- d-----w- c:\program files\trend micro
2010-06-10 04:42 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-29 07:49 . 2010-05-29 07:49 -------- d-----w- c:\documents and settings\Petrik\Application Data\RigNRoll_eng
2010-05-28 05:44 . 2010-05-28 05:44 503808 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fdc6894-n\msvcp71.dll
2010-05-28 05:44 . 2010-05-28 05:44 499712 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fdc6894-n\jmc.dll
2010-05-28 05:44 . 2010-05-28 05:44 348160 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fdc6894-n\msvcr71.dll
2010-05-28 05:44 . 2010-05-28 05:44 61440 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4bc348a4-n\decora-sse.dll
2010-05-28 05:44 . 2010-05-28 05:44 12800 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4bc348a4-n\decora-d3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 06:24 . 2008-04-18 17:07 -------- d-----w- c:\documents and settings\Petrik\Application Data\uTorrent
2010-06-04 21:24 . 2008-03-20 18:18 -------- d-----w- c:\documents and settings\Petrik\Application Data\Skype
2010-06-04 14:04 . 2008-03-20 18:18 -------- d-----w- c:\documents and settings\Petrik\Application Data\skypePM
2010-05-20 04:38 . 2008-04-18 17:07 -------- d-----w- c:\program files\uTorrent
2010-05-13 18:55 . 2010-05-13 18:55 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-13 18:55 . 2010-05-13 18:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-13 18:55 . 2010-05-13 18:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-13 18:55 . 2010-05-13 18:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-13 18:55 . 2010-05-13 18:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-13 18:55 . 2010-05-13 18:55 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-13 18:55 . 2010-05-13 18:55 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-13 18:55 . 2010-05-13 18:55 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-13 18:55 . 2010-05-13 18:55 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-13 18:55 . 2009-05-04 17:15 -------- d-----w- c:\program files\Common Files\Real
2010-05-13 18:55 . 2010-05-13 18:54 -------- d-----w- c:\program files\Real
2010-05-13 18:55 . 2010-05-13 18:55 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-13 18:54 . 2006-07-11 17:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-06 10:41 . 2004-08-04 01:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 20:09 . 2008-03-24 11:43 -------- d-----w- c:\program files\CCleaner
2010-05-02 05:22 . 2004-08-04 01:07 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 19:55 . 2008-05-06 14:11 -------- d-----w- c:\documents and settings\Petrik\Application Data\Ubisoft
2010-04-27 19:55 . 2008-05-06 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2010-04-27 19:41 . 2010-04-27 19:41 -------- d-----w- c:\program files\Ubisoft
2010-04-27 19:40 . 2008-03-20 15:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-20 19:46 . 2008-12-19 13:43 -------- d-----w- c:\program files\Java
2010-04-20 05:30 . 2004-08-04 01:07 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 15:29 . 2010-04-20 19:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-08 16:36 . 2010-04-08 16:36 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-08 16:34 . 2010-04-08 16:34 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-08 16:34 . 2010-04-08 16:34 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-08 16:34 . 2010-04-08 16:34 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-08 16:34 . 2010-04-08 16:34 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-08 16:32 . 2010-04-08 16:32 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-08 16:32 . 2010-04-08 16:32 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-08 16:28 . 2010-04-08 16:28 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-08 16:27 . 2010-04-08 16:34 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-08 16:27 . 2010-04-08 16:34 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-07 02:42 . 2008-10-07 15:29 4687872 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-04-07 02:02 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-04-07 02:02 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-04-07 02:01 . 2009-06-26 19:21 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-04-07 02:00 . 2009-04-29 01:18 3981312 ----a-w- c:\windows\system32\aticaldd.dll
2010-04-07 01:52 . 2009-04-29 01:45 14356480 ----a-w- c:\windows\system32\atioglxx.dll
2010-04-07 01:46 . 2009-06-26 19:21 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-04-07 01:45 . 2008-10-07 15:29 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-04-07 01:41 . 2008-10-07 15:29 3620288 ----a-w- c:\windows\system32\ati3duag.dll
2010-04-07 01:31 . 2009-04-29 02:07 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-04-07 01:30 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-04-07 01:30 . 2009-04-29 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-04-07 01:30 . 2009-04-29 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-04-07 01:30 . 2009-04-29 02:06 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-04-07 01:28 . 2009-04-29 02:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-04-07 01:28 . 2008-10-07 15:29 2220928 ----a-w- c:\windows\system32\ativvaxx.dll
2010-04-07 01:27 . 2009-06-26 19:21 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-04-07 01:27 . 2009-06-26 19:21 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-04-07 01:27 . 2009-04-29 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-04-07 01:26 . 2010-03-11 19:40 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-07 01:23 . 2009-04-29 01:22 585728 ----a-w- c:\windows\system32\atikvmag.dll
2010-04-07 01:21 . 2009-04-29 01:17 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-04-07 01:21 . 2009-04-29 01:20 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-04-07 01:20 . 2009-04-29 01:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-04-07 01:15 . 2008-10-07 15:29 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-04-07 01:15 . 2009-04-29 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-04-07 01:14 . 2009-04-29 01:26 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-04-07 01:14 . 2009-04-29 01:26 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-04-06 16:02 . 2010-04-06 16:02 503808 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3be5763e-n\msvcp71.dll
2010-04-06 16:02 . 2010-04-06 16:02 499712 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3be5763e-n\jmc.dll
2010-04-06 16:02 . 2010-04-06 16:02 348160 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3be5763e-n\msvcr71.dll
2010-04-06 16:02 . 2010-04-06 16:02 61440 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d57e290-n\decora-sse.dll
2010-04-06 16:02 . 2010-04-06 16:02 12800 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d57e290-n\decora-d3d.dll
2010-03-31 01:58 . 2009-04-01 17:39 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2009-04-01 17:39 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2008-03-23 12:09 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2008-03-23 12:09 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-17 15:06 . 2009-06-26 19:21 202234 ----a-w- c:\windows\system32\atiicdxx.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2010-05-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2010-05-11 18:15 2515552 ----a-w- c:\program files\Softonic_English\tbSof0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2010-05-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2010-05-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-13 202256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Games\\Counter-Strike\\hl.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Games\\RFactor 2008\\rFactor.exe"=
"e:\\Games\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\Games\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\Games\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"e:\\Games\\Battlestations Pacific\\bsp.exe"=
"e:\\Games\\NBA 2K10\\nba2k10.exe"=
"e:\\Games\\OF Dragon Rising\\OFDR.exe"=
"e:\\Games\\Call of Duty Modern Warfare 2\\iw4sp.exe"=
"e:\\Games\\Call of Duty Modern Warfare 2\\iw4mp.exe"=
"e:\\Games\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Games\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Games\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"e:\\Games\\Assassin's Creed II\\AssassinsCreedII.exe"=
"e:\\Games\\Assassin's Creed II\\UPlayBrowser.exe"=
"e:\\Instal\\uTorrent\\Stiahnute\\Assassins Creed 2 - crack\\Assassins Creed II - Emulator\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.3.2008 15:45 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 FAH@E:+Games+Far Cry 2+bin+FAH.exe;FAH@E:+Games+Far Cry 2+bin+FAH.exe;e:\games\Far Cry 2\bin\FAH.exe -svcstart --> e:\games\Far Cry 2\bin\FAH.exe -svcstart [?]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [21.3.2008 12:00 38656]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7.8.2003 17:42 6528]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [17.3.2009 20:57 11776]
S3 ddsxeiservice;ddsxeiservice2;\??\c:\program files\sXe Injected\ddsxei.sys --> c:\program files\sXe Injected\ddsxei.sys [?]
S3 DSGACommsDriver;DSGACommsDriver;c:\windows\system32\drivers\DSGACommsDriver.sys [8.8.2009 12:06 19168]
S3 DSGAFilterDriver;DSGAFilterDriver;c:\windows\system32\drivers\DSGAFilterDriver.sys [8.8.2009 12:06 17632]
S3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\drivers\GRemoteBus.sys [5.8.2009 20:37 23368]
S3 GRemoteJoy;GRemote virtual joystick Device Driver;c:\windows\system32\drivers\GRemoteJoy.sys [5.8.2009 20:37 39112]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23.1.2004 16:33 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [23.1.2004 16:32 28800]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [6.4.2008 22:22 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2.11.2008 17:54 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2.11.2008 17:54 97088]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-05-18 15:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-22 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2008-12-20 08:39]
2010-06-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1229272821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-06-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1229272821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-06-12 c:\windows\Tasks\User_Feed_Synchronization-{5904DAD7-8206-4EB9-AD5D-CE152DF6FAE4}.job
- c:\windows\system32\msfeedssync.exe [2009-05-12 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Petrik\Application Data\Mozilla\Firefox\Profiles\c4pg0ql7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.azet.sk/
FF - component: c:\documents and settings\Petrik\Application Data\Mozilla\Firefox\Profiles\c4pg0ql7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Petrik\Application Data\Mozilla\Firefox\Profiles\c4pg0ql7.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 22:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spli.sys >>UNKNOWN [0x8A5F9938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> atapi.sys @ 0xb9e09b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9cffbb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d0ca21
SendHandler -> NDIS.sys @ 0xb9cea87b
user & kernel MBR OK
**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@E:+Games+Far Cry 2+bin+FAH.exe]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1060284298-1229272821-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1060284298-1229272821-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:cc,ad,5a,8a,4c,eb,52,88,e2,95,d8,11,1b,80,d3,8d,cf,63,54,b8,a9,
af,58,b0,e8,45,70,18,3b,21,01,9e,0d,eb,a6,90,37,e4,47,c0,e8,1d,d9,dc,f0,94,\
"rkeysecu"=hex:4e,ee,d5,77,80,cb,29,03,86,f8,21,d8,14,6a,b8,93
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(2348)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
e:\games\Far Cry 2\bin\FAH.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-06-12 22:08:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-12 20:08
Pre-Run: 22 446 084 096 bytes free
Post-Run: 18 adresárov, 22 386 532 352 voľných bajtov
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 5F8914135B1D359A39940B2B830F507B
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1608 [GMT 2:00]
Running from: c:\documents and settings\Petrik\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\extensions\{54130DE8-75E8-43BA-A8B0-FDC56BFD56FA}
c:\program files\Mozilla Firefox\extensions\{54130DE8-75E8-43BA-A8B0-FDC56BFD56FA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{54130DE8-75E8-43BA-A8B0-FDC56BFD56FA}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{54130DE8-75E8-43BA-A8B0-FDC56BFD56FA}\install.rdf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ovfsthafkmlkjtydcxxujyutvnhamtveoxuxtk
-------\Service_ovfsthafkmlkjtydcxxujyutvnhamtveoxuxtk
((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))
.
2010-06-12 06:29 . 2010-06-12 06:30 -------- d-----w- C:\rsit
2010-06-12 06:21 . 2010-06-12 06:30 -------- d-----w- c:\program files\trend micro
2010-06-10 04:42 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-29 07:49 . 2010-05-29 07:49 -------- d-----w- c:\documents and settings\Petrik\Application Data\RigNRoll_eng
2010-05-28 05:44 . 2010-05-28 05:44 503808 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fdc6894-n\msvcp71.dll
2010-05-28 05:44 . 2010-05-28 05:44 499712 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fdc6894-n\jmc.dll
2010-05-28 05:44 . 2010-05-28 05:44 348160 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fdc6894-n\msvcr71.dll
2010-05-28 05:44 . 2010-05-28 05:44 61440 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4bc348a4-n\decora-sse.dll
2010-05-28 05:44 . 2010-05-28 05:44 12800 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4bc348a4-n\decora-d3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 06:24 . 2008-04-18 17:07 -------- d-----w- c:\documents and settings\Petrik\Application Data\uTorrent
2010-06-04 21:24 . 2008-03-20 18:18 -------- d-----w- c:\documents and settings\Petrik\Application Data\Skype
2010-06-04 14:04 . 2008-03-20 18:18 -------- d-----w- c:\documents and settings\Petrik\Application Data\skypePM
2010-05-20 04:38 . 2008-04-18 17:07 -------- d-----w- c:\program files\uTorrent
2010-05-13 18:55 . 2010-05-13 18:55 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-13 18:55 . 2010-05-13 18:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-13 18:55 . 2010-05-13 18:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-13 18:55 . 2010-05-13 18:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-13 18:55 . 2010-05-13 18:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-13 18:55 . 2010-05-13 18:55 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-13 18:55 . 2010-05-13 18:55 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-13 18:55 . 2010-05-13 18:55 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-13 18:55 . 2010-05-13 18:55 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-13 18:55 . 2009-05-04 17:15 -------- d-----w- c:\program files\Common Files\Real
2010-05-13 18:55 . 2010-05-13 18:54 -------- d-----w- c:\program files\Real
2010-05-13 18:55 . 2010-05-13 18:55 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-13 18:54 . 2006-07-11 17:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-06 10:41 . 2004-08-04 01:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 20:09 . 2008-03-24 11:43 -------- d-----w- c:\program files\CCleaner
2010-05-02 05:22 . 2004-08-04 01:07 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 19:55 . 2008-05-06 14:11 -------- d-----w- c:\documents and settings\Petrik\Application Data\Ubisoft
2010-04-27 19:55 . 2008-05-06 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2010-04-27 19:41 . 2010-04-27 19:41 -------- d-----w- c:\program files\Ubisoft
2010-04-27 19:40 . 2008-03-20 15:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-20 19:46 . 2008-12-19 13:43 -------- d-----w- c:\program files\Java
2010-04-20 05:30 . 2004-08-04 01:07 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 15:29 . 2010-04-20 19:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-08 16:36 . 2010-04-08 16:36 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-08 16:34 . 2010-04-08 16:34 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-08 16:34 . 2010-04-08 16:34 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-08 16:34 . 2010-04-08 16:34 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-08 16:34 . 2010-04-08 16:34 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-08 16:32 . 2010-04-08 16:32 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-08 16:32 . 2010-04-08 16:32 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-08 16:28 . 2010-04-08 16:28 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-08 16:27 . 2010-04-08 16:34 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-08 16:27 . 2010-04-08 16:34 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-07 02:42 . 2008-10-07 15:29 4687872 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-04-07 02:02 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-04-07 02:02 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-04-07 02:01 . 2009-06-26 19:21 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-04-07 02:00 . 2009-04-29 01:18 3981312 ----a-w- c:\windows\system32\aticaldd.dll
2010-04-07 01:52 . 2009-04-29 01:45 14356480 ----a-w- c:\windows\system32\atioglxx.dll
2010-04-07 01:46 . 2009-06-26 19:21 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-04-07 01:45 . 2008-10-07 15:29 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-04-07 01:41 . 2008-10-07 15:29 3620288 ----a-w- c:\windows\system32\ati3duag.dll
2010-04-07 01:31 . 2009-04-29 02:07 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-04-07 01:30 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-04-07 01:30 . 2009-04-29 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-04-07 01:30 . 2009-04-29 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-04-07 01:30 . 2009-04-29 02:06 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-04-07 01:28 . 2009-04-29 02:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-04-07 01:28 . 2008-10-07 15:29 2220928 ----a-w- c:\windows\system32\ativvaxx.dll
2010-04-07 01:27 . 2009-06-26 19:21 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-04-07 01:27 . 2009-06-26 19:21 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-04-07 01:27 . 2009-04-29 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-04-07 01:26 . 2010-03-11 19:40 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-07 01:23 . 2009-04-29 01:22 585728 ----a-w- c:\windows\system32\atikvmag.dll
2010-04-07 01:21 . 2009-04-29 01:17 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-04-07 01:21 . 2009-04-29 01:20 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-04-07 01:20 . 2009-04-29 01:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-04-07 01:15 . 2008-10-07 15:29 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-04-07 01:15 . 2009-04-29 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-04-07 01:14 . 2009-04-29 01:26 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-04-07 01:14 . 2009-04-29 01:26 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-04-06 16:02 . 2010-04-06 16:02 503808 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3be5763e-n\msvcp71.dll
2010-04-06 16:02 . 2010-04-06 16:02 499712 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3be5763e-n\jmc.dll
2010-04-06 16:02 . 2010-04-06 16:02 348160 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3be5763e-n\msvcr71.dll
2010-04-06 16:02 . 2010-04-06 16:02 61440 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d57e290-n\decora-sse.dll
2010-04-06 16:02 . 2010-04-06 16:02 12800 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d57e290-n\decora-d3d.dll
2010-03-31 01:58 . 2009-04-01 17:39 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2009-04-01 17:39 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2008-03-23 12:09 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2008-03-23 12:09 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-17 15:06 . 2009-06-26 19:21 202234 ----a-w- c:\windows\system32\atiicdxx.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2010-05-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2010-05-11 18:15 2515552 ----a-w- c:\program files\Softonic_English\tbSof0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2010-05-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2010-05-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-13 202256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Games\\Counter-Strike\\hl.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Games\\RFactor 2008\\rFactor.exe"=
"e:\\Games\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\Games\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\Games\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"e:\\Games\\Battlestations Pacific\\bsp.exe"=
"e:\\Games\\NBA 2K10\\nba2k10.exe"=
"e:\\Games\\OF Dragon Rising\\OFDR.exe"=
"e:\\Games\\Call of Duty Modern Warfare 2\\iw4sp.exe"=
"e:\\Games\\Call of Duty Modern Warfare 2\\iw4mp.exe"=
"e:\\Games\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Games\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Games\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"e:\\Games\\Assassin's Creed II\\AssassinsCreedII.exe"=
"e:\\Games\\Assassin's Creed II\\UPlayBrowser.exe"=
"e:\\Instal\\uTorrent\\Stiahnute\\Assassins Creed 2 - crack\\Assassins Creed II - Emulator\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.3.2008 15:45 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 FAH@E:+Games+Far Cry 2+bin+FAH.exe;FAH@E:+Games+Far Cry 2+bin+FAH.exe;e:\games\Far Cry 2\bin\FAH.exe -svcstart --> e:\games\Far Cry 2\bin\FAH.exe -svcstart [?]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [21.3.2008 12:00 38656]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7.8.2003 17:42 6528]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [17.3.2009 20:57 11776]
S3 ddsxeiservice;ddsxeiservice2;\??\c:\program files\sXe Injected\ddsxei.sys --> c:\program files\sXe Injected\ddsxei.sys [?]
S3 DSGACommsDriver;DSGACommsDriver;c:\windows\system32\drivers\DSGACommsDriver.sys [8.8.2009 12:06 19168]
S3 DSGAFilterDriver;DSGAFilterDriver;c:\windows\system32\drivers\DSGAFilterDriver.sys [8.8.2009 12:06 17632]
S3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\drivers\GRemoteBus.sys [5.8.2009 20:37 23368]
S3 GRemoteJoy;GRemote virtual joystick Device Driver;c:\windows\system32\drivers\GRemoteJoy.sys [5.8.2009 20:37 39112]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23.1.2004 16:33 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [23.1.2004 16:32 28800]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [6.4.2008 22:22 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2.11.2008 17:54 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2.11.2008 17:54 97088]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-05-18 15:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-22 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2008-12-20 08:39]
2010-06-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1229272821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-06-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1229272821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-06-12 c:\windows\Tasks\User_Feed_Synchronization-{5904DAD7-8206-4EB9-AD5D-CE152DF6FAE4}.job
- c:\windows\system32\msfeedssync.exe [2009-05-12 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Petrik\Application Data\Mozilla\Firefox\Profiles\c4pg0ql7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.azet.sk/
FF - component: c:\documents and settings\Petrik\Application Data\Mozilla\Firefox\Profiles\c4pg0ql7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Petrik\Application Data\Mozilla\Firefox\Profiles\c4pg0ql7.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 22:02
- Rudy
- Site Admin
- Posts: 119412
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC startup
Several items were deleted. We'll finish the cleanup. Open Notepad and copy the following into it:

FCopy::
c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys

Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the command from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Slow PC startup
ComboFix 10-06-13.04 - Petrik 14.06.2010 16:08:50.8.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1515 [GMT 2:00]
Running from: c:\documents and settings\Petrik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Petrik\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-05-14 to 2010-06-14 )))))))))))))))))))))))))))))))
.
2010-06-12 06:29 . 2010-06-12 06:30 -------- d-----w- C:\rsit
2010-06-12 06:21 . 2010-06-12 06:30 -------- d-----w- c:\program files\trend micro
2010-06-10 04:42 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-29 07:49 . 2010-05-29 07:49 -------- d-----w- c:\documents and settings\Petrik\Application Data\RigNRoll_eng
2010-05-28 05:44 . 2010-05-28 05:44 503808 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fdc6894-n\msvcp71.dll
2010-05-28 05:44 . 2010-05-28 05:44 499712 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fdc6894-n\jmc.dll
2010-05-28 05:44 . 2010-05-28 05:44 348160 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2fdc6894-n\msvcr71.dll
2010-05-28 05:44 . 2010-05-28 05:44 61440 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4bc348a4-n\decora-sse.dll
2010-05-28 05:44 . 2010-05-28 05:44 12800 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4bc348a4-n\decora-d3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 14:02 . 2008-03-20 18:18 -------- d-----w- c:\documents and settings\Petrik\Application Data\Skype
2010-06-14 10:56 . 2008-03-20 18:18 -------- d-----w- c:\documents and settings\Petrik\Application Data\skypePM
2010-06-12 06:24 . 2008-04-18 17:07 -------- d-----w- c:\documents and settings\Petrik\Application Data\uTorrent
2010-05-20 04:38 . 2008-04-18 17:07 -------- d-----w- c:\program files\uTorrent
2010-05-13 18:55 . 2010-05-13 18:55 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-13 18:55 . 2010-05-13 18:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-13 18:55 . 2010-05-13 18:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-13 18:55 . 2010-05-13 18:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-13 18:55 . 2010-05-13 18:55 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-13 18:55 . 2010-05-13 18:55 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-13 18:55 . 2010-05-13 18:55 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-13 18:55 . 2010-05-13 18:55 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-13 18:55 . 2010-05-13 18:55 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-13 18:55 . 2009-05-04 17:15 -------- d-----w- c:\program files\Common Files\Real
2010-05-13 18:55 . 2010-05-13 18:54 -------- d-----w- c:\program files\Real
2010-05-13 18:55 . 2010-05-13 18:55 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-13 18:54 . 2006-07-11 17:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-06 10:41 . 2004-08-04 01:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-05 20:09 . 2008-03-24 11:43 -------- d-----w- c:\program files\CCleaner
2010-05-02 05:22 . 2004-08-04 01:07 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 19:55 . 2008-05-06 14:11 -------- d-----w- c:\documents and settings\Petrik\Application Data\Ubisoft
2010-04-27 19:55 . 2008-05-06 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2010-04-27 19:41 . 2010-04-27 19:41 -------- d-----w- c:\program files\Ubisoft
2010-04-27 19:40 . 2008-03-20 15:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-20 19:46 . 2008-12-19 13:43 -------- d-----w- c:\program files\Java
2010-04-20 05:30 . 2004-08-04 01:07 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 15:29 . 2010-04-20 19:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-08 16:36 . 2010-04-08 16:36 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-08 16:34 . 2010-04-08 16:34 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-08 16:34 . 2010-04-08 16:34 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-08 16:34 . 2010-04-08 16:34 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-08 16:34 . 2010-04-08 16:34 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-04-08 16:33 . 2010-04-08 16:33 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-08 16:32 . 2010-04-08 16:32 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-08 16:32 . 2010-04-08 16:32 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-04-08 16:28 . 2010-04-08 16:28 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-08 16:27 . 2010-04-08 16:34 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-08 16:27 . 2010-04-08 16:34 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-07 02:42 . 2008-10-07 15:29 4687872 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-04-07 02:02 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-04-07 02:02 . 2009-04-29 01:20 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-04-07 02:01 . 2009-06-26 19:21 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-04-07 02:00 . 2009-04-29 01:18 3981312 ----a-w- c:\windows\system32\aticaldd.dll
2010-04-07 01:52 . 2009-04-29 01:45 14356480 ----a-w- c:\windows\system32\atioglxx.dll
2010-04-07 01:46 . 2009-06-26 19:21 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-04-07 01:45 . 2008-10-07 15:29 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-04-07 01:41 . 2008-10-07 15:29 3620288 ----a-w- c:\windows\system32\ati3duag.dll
2010-04-07 01:31 . 2009-04-29 02:07 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-04-07 01:30 . 2009-04-29 02:06 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-04-07 01:30 . 2009-04-29 02:06 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-04-07 01:30 . 2009-04-29 02:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-04-07 01:30 . 2009-04-29 02:06 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-04-07 01:28 . 2009-04-29 02:04 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-04-07 01:28 . 2008-10-07 15:29 2220928 ----a-w- c:\windows\system32\ativvaxx.dll
2010-04-07 01:27 . 2009-06-26 19:21 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-04-07 01:27 . 2009-06-26 19:21 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-04-07 01:27 . 2009-04-29 02:03 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-04-07 01:26 . 2010-03-11 19:40 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-04-07 01:23 . 2009-04-29 01:22 585728 ----a-w- c:\windows\system32\atikvmag.dll
2010-04-07 01:21 . 2009-04-29 01:17 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-04-07 01:21 . 2009-04-29 01:20 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-04-07 01:20 . 2009-04-29 01:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-04-07 01:15 . 2008-10-07 15:29 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-04-07 01:15 . 2009-04-29 01:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-04-07 01:14 . 2009-04-29 01:26 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-04-07 01:14 . 2009-04-29 01:26 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-04-06 16:02 . 2010-04-06 16:02 503808 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3be5763e-n\msvcp71.dll
2010-04-06 16:02 . 2010-04-06 16:02 499712 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3be5763e-n\jmc.dll
2010-04-06 16:02 . 2010-04-06 16:02 348160 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3be5763e-n\msvcr71.dll
2010-04-06 16:02 . 2010-04-06 16:02 61440 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d57e290-n\decora-sse.dll
2010-04-06 16:02 . 2010-04-06 16:02 12800 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d57e290-n\decora-d3d.dll
2010-03-31 01:58 . 2009-04-01 17:39 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2009-04-01 17:39 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2008-03-23 12:09 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2008-03-23 12:09 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-17 15:06 . 2009-06-26 19:21 202234 ----a-w- c:\windows\system32\atiicdxx.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2010-05-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2010-05-11 18:15 2515552 ----a-w- c:\program files\Softonic_English\tbSof0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2010-05-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2010-05-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-13 202256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Games\\Counter-Strike\\hl.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Games\\RFactor 2008\\rFactor.exe"=
"e:\\Games\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\Games\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\Games\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"e:\\Games\\Battlestations Pacific\\bsp.exe"=
"e:\\Games\\NBA 2K10\\nba2k10.exe"=
"e:\\Games\\OF Dragon Rising\\OFDR.exe"=
"e:\\Games\\Call of Duty Modern Warfare 2\\iw4sp.exe"=
"e:\\Games\\Call of Duty Modern Warfare 2\\iw4mp.exe"=
"e:\\Games\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Games\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Games\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"e:\\Games\\Assassin's Creed II\\AssassinsCreedII.exe"=
"e:\\Games\\Assassin's Creed II\\UPlayBrowser.exe"=
"e:\\Instal\\uTorrent\\Stiahnute\\Assassins Creed 2 - crack\\Assassins Creed II - Emulator\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 FAH@E:+Games+Far Cry 2+bin+FAH.exe;FAH@E:+Games+Far Cry 2+bin+FAH.exe;e:\games\Far Cry 2\bin\FAH.exe -svcstart --> e:\games\Far Cry 2\bin\FAH.exe -svcstart [?]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [21.3.2008 12:00 38656]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7.8.2003 17:42 6528]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.3.2008 15:45 691696]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [17.3.2009 20:57 11776]
S3 ddsxeiservice;ddsxeiservice2;\??\c:\program files\sXe Injected\ddsxei.sys --> c:\program files\sXe Injected\ddsxei.sys [?]
S3 DSGACommsDriver;DSGACommsDriver;c:\windows\system32\drivers\DSGACommsDriver.sys [8.8.2009 12:06 19168]
S3 DSGAFilterDriver;DSGAFilterDriver;c:\windows\system32\drivers\DSGAFilterDriver.sys [8.8.2009 12:06 17632]
S3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\drivers\GRemoteBus.sys [5.8.2009 20:37 23368]
S3 GRemoteJoy;GRemote virtual joystick Device Driver;c:\windows\system32\drivers\GRemoteJoy.sys [5.8.2009 20:37 39112]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23.1.2004 16:33 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [23.1.2004 16:32 28800]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [6.4.2008 22:22 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2.11.2008 17:54 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2.11.2008 17:54 97088]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-05-18 15:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-22 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2008-12-20 08:39]
2010-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1229272821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-06-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1229272821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-06-14 c:\windows\Tasks\User_Feed_Synchronization-{5904DAD7-8206-4EB9-AD5D-CE152DF6FAE4}.job
- c:\windows\system32\msfeedssync.exe [2009-05-12 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Petrik\Application Data\Mozilla\Firefox\Profiles\c4pg0ql7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.azet.sk/
FF - component: c:\documents and settings\Petrik\Application Data\Mozilla\Firefox\Profiles\c4pg0ql7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Petrik\Application Data\Mozilla\Firefox\Profiles\c4pg0ql7.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-14 16:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@E:+Games+Far Cry 2+bin+FAH.exe]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1060284298-1229272821-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1060284298-1229272821-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:cc,ad,5a,8a,4c,eb,52,88,e2,95,d8,11,1b,80,d3,8d,cf,63,54,b8,a9,
af,58,b0,e8,45,70,18,3b,21,01,9e,0d,eb,a6,90,37,e4,47,c0,e8,1d,d9,dc,f0,94,\
"rkeysecu"=hex:4e,ee,d5,77,80,cb,29,03,86,f8,21,d8,14,6a,b8,93
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(2836)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hnetcfg.dll
.
Completion time: 2010-06-14 16:14:52
ComboFix-quarantined-files.txt 2010-06-14 14:14
ComboFix2.txt 2010-06-12 20:08
Pre-Run: 22 318 030 848 bytes free
Post-Run: 22 299 279 360 bytes free
- - End Of File - - F609EC88A0E05B85D8136F1ED254C198
2010-04-06 16:02 . 2010-04-06 16:02 499712 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3be5763e-n\jmc.dll
2010-04-06 16:02 . 2010-04-06 16:02 348160 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3be5763e-n\msvcr71.dll
2010-04-06 16:02 . 2010-04-06 16:02 61440 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d57e290-n\decora-sse.dll
2010-04-06 16:02 . 2010-04-06 16:02 12800 ----a-w- c:\documents and settings\Petrik\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7d57e290-n\decora-d3d.dll
2010-03-31 01:58 . 2009-04-01 17:39 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2009-04-01 17:39 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2008-03-23 12:09 44944 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-03-31 01:58 . 2008-03-23 12:09 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-17 15:06 . 2009-06-26 19:21 202234 ----a-w- c:\windows\system32\atiicdxx.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2010-05-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2010-05-11 18:15 2515552 ----a-w- c:\program files\Softonic_English\tbSof0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2010-05-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSof0.dll" [2010-05-11 2515552]
[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-13 202256]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Games\\Counter-Strike\\hl.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"e:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Games\\RFactor 2008\\rFactor.exe"=
"e:\\Games\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\Games\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\Games\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"e:\\Games\\Battlestations Pacific\\bsp.exe"=
"e:\\Games\\NBA 2K10\\nba2k10.exe"=
"e:\\Games\\OF Dragon Rising\\OFDR.exe"=
"e:\\Games\\Call of Duty Modern Warfare 2\\iw4sp.exe"=
"e:\\Games\\Call of Duty Modern Warfare 2\\iw4mp.exe"=
"e:\\Games\\DiRT2\\dirt2_game.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Games\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Games\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"e:\\Games\\Assassin's Creed II\\AssassinsCreedII.exe"=
"e:\\Games\\Assassin's Creed II\\UPlayBrowser.exe"=
"e:\\Instal\\uTorrent\\Stiahnute\\Assassins Creed 2 - crack\\Assassins Creed II - Emulator\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
R2 FAH@E:+Games+Far Cry 2+bin+FAH.exe;FAH@E:+Games+Far Cry 2+bin+FAH.exe;e:\games\Far Cry 2\bin\FAH.exe -svcstart --> e:\games\Far Cry 2\bin\FAH.exe -svcstart [?]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [21.3.2008 12:00 38656]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [7.8.2003 17:42 6528]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.3.2008 15:45 691696]
S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [17.3.2009 20:57 11776]
S3 ddsxeiservice;ddsxeiservice2;\??\c:\program files\sXe Injected\ddsxei.sys --> c:\program files\sXe Injected\ddsxei.sys [?]
S3 DSGACommsDriver;DSGACommsDriver;c:\windows\system32\drivers\DSGACommsDriver.sys [8.8.2009 12:06 19168]
S3 DSGAFilterDriver;DSGAFilterDriver;c:\windows\system32\drivers\DSGAFilterDriver.sys [8.8.2009 12:06 17632]
S3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\drivers\GRemoteBus.sys [5.8.2009 20:37 23368]
S3 GRemoteJoy;GRemote virtual joystick Device Driver;c:\windows\system32\drivers\GRemoteJoy.sys [5.8.2009 20:37 39112]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23.1.2004 16:33 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [23.1.2004 16:32 28800]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [6.4.2008 22:22 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2.11.2008 17:54 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2.11.2008 17:54 97088]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-05-18 15:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-22 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2008-12-20 08:39]
2010-06-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1229272821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-06-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1229272821-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-06-14 c:\windows\Tasks\User_Feed_Synchronization-{5904DAD7-8206-4EB9-AD5D-CE152DF6FAE4}.job
- c:\windows\system32\msfeedssync.exe [2009-05-12 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Petrik\Application Data\Mozilla\Firefox\Profiles\c4pg0ql7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.azet.sk/
FF - component: c:\documents and settings\Petrik\Application Data\Mozilla\Firefox\Profiles\c4pg0ql7.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Petrik\Application Data\Mozilla\Firefox\Profiles\c4pg0ql7.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-14 16:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@E:+Games+Far Cry 2+bin+FAH.exe]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1060284298-1229272821-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1060284298-1229272821-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:cc,ad,5a,8a,4c,eb,52,88,e2,95,d8,11,1b,80,d3,8d,cf,63,54,b8,a9,
af,58,b0,e8,45,70,18,3b,21,01,9e,0d,eb,a6,90,37,e4,47,c0,e8,1d,d9,dc,f0,94,\
"rkeysecu"=hex:4e,ee,d5,77,80,cb,29,03,86,f8,21,d8,14,6a,b8,93
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(2836)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hnetcfg.dll
.
Completion time: 2010-06-14 16:14:52
ComboFix-quarantined-files.txt 2010-06-14 14:14
ComboFix2.txt 2010-06-12 20:08
Pre-Run: 22 318 030 848 bytes free
Post-Run: 22 299 279 360 bytes free
- - End Of File - - F609EC88A0E05B85D8136F1ED254C198
- Rudy
- Site Admin
- Posts: 119412
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC start
The log now looks clean. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Slow PC start
So far it hasn't improved much, and on top of that, when the PC starts (which it didn't do before), a black screen pops up just before the Windows XP logo where I'm supposed to choose the operating system, but only for about 1 second; I don't even manage to confirm anything and the PC startup continues on its own. I don't know whether you can help me with this.
- Rudy
- Site Admin
Re: Slow PC start
1. You installed the Recovery Console, which I did not ask you to do. The console does no harm; it only delays startup by about 1-2 s.
2. Clean the PC with CCleaner: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478 .
3. If that doesn't help, try optimizing with XPManager: http://www.viry.cz/forum/viewtopic.php?f=46&t=17549 .
Re: Slow PC start
After the cleaner the PC startup seems better, but the operating system selection at startup has not disappeared. Can it be turned off somehow?
And I can swear to you that I did not knowingly install any recovery console, but thank you very much anyway.
- Rudy
- Site Admin
Re: Slow PC start
When you ran CF you clicked on this:

or rather on "YES". It can only be removed by manually editing the boot.ini file, about which (the specific one on your PC) I know absolutely nothing. It can have many variants, but the basic one looks like this:
Note that it may look different depending on the number of operating systems.
Sample Boot.ini file
This is a sample of the default Boot.ini file on a computer running Windows XP Professional.
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
Any mistake in editing means your system will not boot!!!
You're welcome!
Re: Slow PC start
Good day,
I want to apologize; I really did not notice that while installing CF I confirmed that the recovery console should be installed. Removing it by editing boot.ini seems quite complicated to me. I would like to ask whether rolling the PC back via a restore point would help? If so, to which date should I restore it, and how should I proceed given the earlier cleaning of the PC with ComboFix? Thank you for your answer.
- Rudy
- Site Admin
Re: Slow PC start
I have the impression that System Restore does not work for this. It does no harm; startup just takes slightly longer.
Re: Slow PC start
Here I'm also sending the log from RSIT, and I'd like to ask how COMBOFIX is removed. Thank you
Logfile of random's system information tool 1.07 (written by random/random)
Run by Petrik at 2010-06-15 19:59:58
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 21 GB (43%) free of 50 GB
Total RAM: 2047 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:00:03, on 15.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Games\Far Cry 2\bin\FAH.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Dodatki\Total CMA Pack\TOTALCMD.EXE
E:\Instal\Rozne\RSIT.exe
C:\Program Files\trend micro\Petrik.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FAH@E:+Games+Far Cry 2+bin+FAH.exe - Stanford University - E:\Games\Far Cry 2\bin\FAH.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
--
End of file - 8586 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\NSSstub.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1229272821-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1229272821-839522115-1003.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5904DAD7-8206-4EB9-AD5D-CE152DF6FAE4}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-06-26 1215488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
Softonic English Toolbar - C:\Program Files\Softonic_English\tbSof0.dll [2010-05-11 2515552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-06-26 1215488]
{930f1200-f5f1-4870-bac6-e233ec8e7023} - Softonic English Toolbar - C:\Program Files\Softonic_English\tbSof0.dll [2010-05-11 2515552]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-03 98304]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-05-13 202256]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-05-05 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\Games\Counter-Strike\hl.exe"="E:\Games\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"E:\Games\Crysis\Bin32\Crysis.exe"="E:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Games\RFactor 2008\rFactor.exe"="E:\Games\RFactor 2008\rFactor.exe:*:Enabled:rFactor"
"E:\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="E:\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"E:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="E:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"E:\Games\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="E:\Games\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"E:\Games\Battlestations Pacific\bsp.exe"="E:\Games\Battlestations Pacific\bsp.exe:*:Enabled:Battlestations: Pacific"
"E:\Games\NBA 2K10\nba2k10.exe"="E:\Games\NBA 2K10\nba2k10.exe:*:Enabled:2K Sports NBA 2K10"
"E:\Games\OF Dragon Rising\OFDR.exe"="E:\Games\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising"
"E:\Games\Call of Duty Modern Warfare 2\iw4sp.exe"="E:\Games\Call of Duty Modern Warfare 2\iw4sp.exe:*:Enabled:iw4sp"
"E:\Games\Call of Duty Modern Warfare 2\iw4mp.exe"="E:\Games\Call of Duty Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"E:\Games\DiRT2\dirt2_game.exe"="E:\Games\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"E:\Games\Battlefield Bad Company 2\BFBC2Updater.exe"="E:\Games\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"E:\Games\Assassin's Creed II\AssassinsCreedIIGame.exe"="E:\Games\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"E:\Games\Assassin's Creed II\AssassinsCreedII.exe"="E:\Games\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"E:\Games\Assassin's Creed II\UPlayBrowser.exe"="E:\Games\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"E:\Instal\uTorrent\Stiahnute\Assassins Creed 2 - crack\Assassins Creed II - Emulator\server.exe"="E:\Instal\uTorrent\Stiahnute\Assassins Creed 2 - crack\Assassins Creed II - Emulator\server.exe:*:Enabled:server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
======File associations======
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-06-15 19:43:19 ----A---- C:\ComboFix.txt
2010-06-15 19:04:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-15 16:37:42 ----D---- C:\Program Files\QuickTime
2010-06-15 16:37:41 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-06-12 21:56:33 ----A---- C:\Boot.bak
2010-06-12 21:56:30 ----RASHD---- C:\cmdcons
2010-06-12 21:39:50 ----A---- C:\WINDOWS\NIRCMD.exe
2010-06-12 21:39:50 ----A---- C:\WINDOWS\MBR.exe
2010-06-12 21:39:48 ----A---- C:\WINDOWS\zip.exe
2010-06-12 21:39:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-06-12 21:39:48 ----A---- C:\WINDOWS\SWSC.exe
2010-06-12 21:39:48 ----A---- C:\WINDOWS\SWREG.exe
2010-06-12 21:39:48 ----A---- C:\WINDOWS\sed.exe
2010-06-12 21:39:48 ----A---- C:\WINDOWS\PEV.exe
2010-06-12 21:39:48 ----A---- C:\WINDOWS\grep.exe
2010-06-12 21:37:33 ----D---- C:\Qoobox
2010-06-12 08:29:56 ----D---- C:\rsit
2010-06-12 08:21:47 ----D---- C:\Program Files\trend micro
2010-06-10 11:09:01 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 11:08:55 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-10 11:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 11:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 11:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 11:05:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-05-29 09:49:34 ----D---- C:\Documents and Settings\Petrik\Application Data\RigNRoll_eng
2010-05-29 09:40:48 ----RA---- C:\WINDOWS\system32\tmp21A.tmp
2010-05-29 09:40:47 ----RA---- C:\WINDOWS\system32\tmp219.tmp
2010-05-26 11:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
======List of files/folders modified in the last 1 months======
2010-06-15 19:59:59 ----D---- C:\WINDOWS\Temp
2010-06-15 19:42:09 ----D---- C:\WINDOWS
2010-06-15 19:42:09 ----A---- C:\WINDOWS\system.ini
2010-06-15 19:40:53 ----D---- C:\WINDOWS\system32\drivers
2010-06-15 19:40:53 ----D---- C:\WINDOWS\system32
2010-06-15 19:40:53 ----D---- C:\WINDOWS\AppPatch
2010-06-15 19:40:50 ----D---- C:\Program Files\Common Files
2010-06-15 19:39:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-15 19:39:28 ----D---- C:\WINDOWS\Prefetch
2010-06-15 16:39:20 ----SHD---- C:\WINDOWS\Installer
2010-06-15 16:38:24 ----D---- C:\Config.Msi
2010-06-15 16:37:42 ----D---- C:\Program Files
2010-06-15 16:36:37 ----D---- C:\Documents and Settings\Petrik\Application Data\Skype
2010-06-15 08:50:09 ----D---- C:\Documents and Settings\Petrik\Application Data\skypePM
2010-06-14 22:13:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-14 22:12:54 ----HD---- C:\WINDOWS\inf
2010-06-14 22:12:50 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-14 21:54:23 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-14 21:18:50 ----D---- C:\WINDOWS\Debug
2010-06-14 19:21:01 ----D---- C:\Documents and Settings\Petrik\Application Data\uTorrent
2010-06-12 22:07:21 ----D---- C:\WINDOWS\ERDNT
2010-06-12 22:00:21 ----D---- C:\WINDOWS\system32\config
2010-06-12 21:56:33 ----RASH---- C:\boot.ini
2010-06-10 11:40:12 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-10 11:39:54 ----RSD---- C:\WINDOWS\assembly
2010-06-10 11:08:54 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-10 11:07:45 ----D---- C:\Program Files\Internet Explorer
2010-06-10 11:04:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-10 11:04:06 ----D---- C:\WINDOWS\WinSxS
2010-05-29 09:40:47 ----D---- C:\WINDOWS\system32\DirectX
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-26 18:12:37 ----D---- C:\Program Files\Mozilla Firefox
2010-05-20 18:02:42 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-05-20 06:38:35 ----D---- C:\Program Files\uTorrent
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-11-09 59388]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-03-17 279712]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-03-17 25888]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-05-05 4807680]
R3 catchme;catchme; \??\C:\DOCUME~1\Petrik\LOCALS~1\Temp\catchme.sys []
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2003-08-07 6528]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 AteksoftAudio;WebCamera Plus Audio; C:\WINDOWS\system32\drivers\ateksoftaudio.sys [2007-12-18 11776]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-04-01 93184]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ddsxeiservice;ddsxeiservice2; \??\C:\Program Files\sXe Injected\ddsxei.sys []
S3 DSGACommsDriver;DSGACommsDriver; \??\C:\WINDOWS\system32\drivers\DSGACommsDriver.sys []
S3 DSGAFilterDriver;DSGAFilterDriver; \??\C:\WINDOWS\system32\drivers\DSGAFilterDriver.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 GRemoteBus;GRemote virtual joystick Bus Enumerator; C:\WINDOWS\system32\DRIVERS\GRemoteBus.sys [2009-08-05 23368]
S3 GRemoteJoy;GRemote virtual joystick Device Driver; C:\WINDOWS\system32\DRIVERS\GRemoteJoy.sys [2009-08-05 39112]
S3 mbr;mbr; \??\C:\DOCUME~1\Petrik\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
S3 PPortJoystick;Parallel Port Joystick device driver; C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 28800]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM); C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-01-04 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-01-04 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-01-04 97088]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-05-05 602112]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 FAH@E:+Games+Far Cry 2+bin+FAH.exe;FAH@E:+Games+Far Cry 2+bin+FAH.exe; E:\Games\Far Cry 2\bin\FAH.exe [2008-10-05 253952]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-05-18 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-31 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-25 593920]
S2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-19 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Logfile of random's system information tool 1.07 (written by random/random)
Run by Petrik at 2010-06-15 19:59:58
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 21 GB (43%) free of 50 GB
Total RAM: 2047 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:00:03, on 15.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Games\Far Cry 2\bin\FAH.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Dodatki\Total CMA Pack\TOTALCMD.EXE
E:\Instal\Rozne\RSIT.exe
C:\Program Files\trend micro\Petrik.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSof0.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FAH@E:+Games+Far Cry 2+bin+FAH.exe - Stanford University - E:\Games\Far Cry 2\bin\FAH.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
--
End of file - 8586 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\NSSstub.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1229272821-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1229272821-839522115-1003.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{5904DAD7-8206-4EB9-AD5D-CE152DF6FAE4}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-06-26 1215488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
Softonic English Toolbar - C:\Program Files\Softonic_English\tbSof0.dll [2010-05-11 2515552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-06-26 1215488]
{930f1200-f5f1-4870-bac6-e233ec8e7023} - Softonic English Toolbar - C:\Program Files\Softonic_English\tbSof0.dll [2010-05-11 2515552]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-03 98304]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-05-13 202256]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-05-05 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\Games\Counter-Strike\hl.exe"="E:\Games\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"E:\Games\Crysis\Bin32\Crysis.exe"="E:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Games\RFactor 2008\rFactor.exe"="E:\Games\RFactor 2008\rFactor.exe:*:Enabled:rFactor"
"E:\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="E:\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"E:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="E:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"E:\Games\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="E:\Games\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"E:\Games\Battlestations Pacific\bsp.exe"="E:\Games\Battlestations Pacific\bsp.exe:*:Enabled:Battlestations: Pacific"
"E:\Games\NBA 2K10\nba2k10.exe"="E:\Games\NBA 2K10\nba2k10.exe:*:Enabled:2K Sports NBA 2K10"
"E:\Games\OF Dragon Rising\OFDR.exe"="E:\Games\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising"
"E:\Games\Call of Duty Modern Warfare 2\iw4sp.exe"="E:\Games\Call of Duty Modern Warfare 2\iw4sp.exe:*:Enabled:iw4sp"
"E:\Games\Call of Duty Modern Warfare 2\iw4mp.exe"="E:\Games\Call of Duty Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"E:\Games\DiRT2\dirt2_game.exe"="E:\Games\DiRT2\dirt2_game.exe:*:Enabled:DiRT2"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"E:\Games\Battlefield Bad Company 2\BFBC2Updater.exe"="E:\Games\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"E:\Games\Assassin's Creed II\AssassinsCreedIIGame.exe"="E:\Games\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"E:\Games\Assassin's Creed II\AssassinsCreedII.exe"="E:\Games\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"E:\Games\Assassin's Creed II\UPlayBrowser.exe"="E:\Games\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"E:\Instal\uTorrent\Stiahnute\Assassins Creed 2 - crack\Assassins Creed II - Emulator\server.exe"="E:\Instal\uTorrent\Stiahnute\Assassins Creed 2 - crack\Assassins Creed II - Emulator\server.exe:*:Enabled:server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
======File associations======
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-06-15 19:43:19 ----A---- C:\ComboFix.txt
2010-06-15 19:04:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-15 16:37:42 ----D---- C:\Program Files\QuickTime
2010-06-15 16:37:41 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-06-12 21:56:33 ----A---- C:\Boot.bak
2010-06-12 21:56:30 ----RASHD---- C:\cmdcons
2010-06-12 21:39:50 ----A---- C:\WINDOWS\NIRCMD.exe
2010-06-12 21:39:50 ----A---- C:\WINDOWS\MBR.exe
2010-06-12 21:39:48 ----A---- C:\WINDOWS\zip.exe
2010-06-12 21:39:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-06-12 21:39:48 ----A---- C:\WINDOWS\SWSC.exe
2010-06-12 21:39:48 ----A---- C:\WINDOWS\SWREG.exe
2010-06-12 21:39:48 ----A---- C:\WINDOWS\sed.exe
2010-06-12 21:39:48 ----A---- C:\WINDOWS\PEV.exe
2010-06-12 21:39:48 ----A---- C:\WINDOWS\grep.exe
2010-06-12 21:37:33 ----D---- C:\Qoobox
2010-06-12 08:29:56 ----D---- C:\rsit
2010-06-12 08:21:47 ----D---- C:\Program Files\trend micro
2010-06-10 11:09:01 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 11:08:55 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-10 11:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 11:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 11:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 11:05:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-05-29 09:49:34 ----D---- C:\Documents and Settings\Petrik\Application Data\RigNRoll_eng
2010-05-29 09:40:48 ----RA---- C:\WINDOWS\system32\tmp21A.tmp
2010-05-29 09:40:47 ----RA---- C:\WINDOWS\system32\tmp219.tmp
2010-05-26 11:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
======List of files/folders modified in the last 1 months======
2010-06-15 19:59:59 ----D---- C:\WINDOWS\Temp
2010-06-15 19:42:09 ----D---- C:\WINDOWS
2010-06-15 19:42:09 ----A---- C:\WINDOWS\system.ini
2010-06-15 19:40:53 ----D---- C:\WINDOWS\system32\drivers
2010-06-15 19:40:53 ----D---- C:\WINDOWS\system32
2010-06-15 19:40:53 ----D---- C:\WINDOWS\AppPatch
2010-06-15 19:40:50 ----D---- C:\Program Files\Common Files
2010-06-15 19:39:58 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-15 19:39:28 ----D---- C:\WINDOWS\Prefetch
2010-06-15 16:39:20 ----SHD---- C:\WINDOWS\Installer
2010-06-15 16:38:24 ----D---- C:\Config.Msi
2010-06-15 16:37:42 ----D---- C:\Program Files
2010-06-15 16:36:37 ----D---- C:\Documents and Settings\Petrik\Application Data\Skype
2010-06-15 08:50:09 ----D---- C:\Documents and Settings\Petrik\Application Data\skypePM
2010-06-14 22:13:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-14 22:12:54 ----HD---- C:\WINDOWS\inf
2010-06-14 22:12:50 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-14 21:54:23 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-14 21:18:50 ----D---- C:\WINDOWS\Debug
2010-06-14 19:21:01 ----D---- C:\Documents and Settings\Petrik\Application Data\uTorrent
2010-06-12 22:07:21 ----D---- C:\WINDOWS\ERDNT
2010-06-12 22:00:21 ----D---- C:\WINDOWS\system32\config
2010-06-12 21:56:33 ----RASH---- C:\boot.ini
2010-06-10 11:40:12 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-10 11:39:54 ----RSD---- C:\WINDOWS\assembly
2010-06-10 11:08:54 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-10 11:07:45 ----D---- C:\Program Files\Internet Explorer
2010-06-10 11:04:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-10 11:04:06 ----D---- C:\WINDOWS\WinSxS
2010-05-29 09:40:47 ----D---- C:\WINDOWS\system32\DirectX
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-26 18:12:37 ----D---- C:\Program Files\Mozilla Firefox
2010-05-20 18:02:42 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-05-20 06:38:35 ----D---- C:\Program Files\uTorrent
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-11-09 59388]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-03-17 279712]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-03-17 25888]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-05-05 4807680]
R3 catchme;catchme; \??\C:\DOCUME~1\Petrik\LOCALS~1\Temp\catchme.sys []
R3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2003-08-07 6528]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 AteksoftAudio;WebCamera Plus Audio; C:\WINDOWS\system32\drivers\ateksoftaudio.sys [2007-12-18 11776]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2009-04-01 93184]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ddsxeiservice;ddsxeiservice2; \??\C:\Program Files\sXe Injected\ddsxei.sys []
S3 DSGACommsDriver;DSGACommsDriver; \??\C:\WINDOWS\system32\drivers\DSGACommsDriver.sys []
S3 DSGAFilterDriver;DSGAFilterDriver; \??\C:\WINDOWS\system32\drivers\DSGAFilterDriver.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 GRemoteBus;GRemote virtual joystick Bus Enumerator; C:\WINDOWS\system32\DRIVERS\GRemoteBus.sys [2009-08-05 23368]
S3 GRemoteJoy;GRemote virtual joystick Device Driver; C:\WINDOWS\system32\DRIVERS\GRemoteJoy.sys [2009-08-05 39112]
S3 mbr;mbr; \??\C:\DOCUME~1\Petrik\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
S3 PPortJoystick;Parallel Port Joystick device driver; C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 28800]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM); C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-01-04 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-01-04 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-01-04 97088]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-05-05 602112]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 FAH@E:+Games+Far Cry 2+bin+FAH.exe;FAH@E:+Games+Far Cry 2+bin+FAH.exe; E:\Games\Far Cry 2\bin\FAH.exe [2008-10-05 253952]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-05-18 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-31 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-25 593920]
S2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-01-19 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119412
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slow PC startup
1. The log looks clean.
2. Uninstall CF: Start > Run > (type) combofix /uninstall > OK. CF will start and then immediately uninstall itself.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.