Preventivka

[MH20]

Dobrý den, chtěl bych požádat o preventivku ^.^ předem děkuji.

Logfile of random's system information tool 1.07 (written by random/random)
Run by MH20 at 2010-12-22 23:47:39
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 50 GB (11%) free of 477 GB
Total RAM: 3199 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:47:55, on 22.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Keyboard Driver\OEMDriver.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Windows\system32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MH20\Desktop\Moje\Programy\RSIT.exe
C:\Program Files\trend micro\MH20.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBDriver] C:\Program Files\Keyboard Driver\OEMDriver.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Microsoft] svdhost.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [Microsoft] svdhost.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - Startup: Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.3.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/Messenger ... 109791.cab
O16 - DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} (Stm Class) - https://mpsnare.iesnare.com/StmOCX.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - http://content.systemrequirementslab.co ... .3.1.0.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\EMACHINES Console\GameConsoleService.exe
O23 - Service: Služba Google Update (gupdate1ca145bff052e4b) (gupdate1ca145bff052e4b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 13550 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{C9B45C64-ECD0-426B-9FD0-67B0A7DA00B5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-07-15 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-11-24 1623392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-02-13 4915200]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"KBDriver"=C:\Program Files\Keyboard Driver\OEMDriver.exe [2006-07-25 151552]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]
"SecurDisc"=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe [2008-02-28 2049320]
"InCD"=C:\Program Files\Nero\Nero8\InCD\InCD.exe [2008-02-28 1083176]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-07-06 98304]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-11-24 2069344]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"Microsoft"=C:\Windows\system32\svdhost.exe [2009-04-11 602522]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-12-13 421160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-26 2289664]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Steam"=c:\program files\steam\steam.exe [2010-11-17 1242448]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-01-15 102400]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-05-16 213936]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2009-10-27 1103216]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-10-27 133432]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
DualCoreCenter.lnk - C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

C:\Users\MH20\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Impulse Now.lnk - C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-10-01 87552]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\MH20\Desktop\Call.of.Duty.Modern.Warfare.2.PROPER-FULLRIP\Setup.exe"="C:\Users\MH20\Desktop\Call.of.Duty.Modern.Warfare.2.PROPER-FULLRIP\Setup.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Windows\system32\svdhost.exe"="C:\Windows\System32\svdhost.exe:*:Enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12937223-503f-11df-8e16-001d9297f0be}]
shell\AutoRun\command - J:\EmDesk.exe
shell\EmDesk\command - J:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8565897f-80f4-11de-9aa5-001d9297f0be}]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7d2f013-805e-11de-9351-001d9297f0be}]
shell\AutoRun\command - I:\Autorun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 2 months======

2010-12-18 23:30:13 ----SHD---- C:\Config.Msi
2010-12-17 21:11:24 ----A---- C:\Windows\system32\CmdLineExt.dll
2010-12-16 20:10:12 ----D---- C:\Program Files\iPod
2010-12-16 15:16:08 ----D---- C:\61945ffbf906d2cefd50
2010-12-16 06:49:49 ----A---- C:\Windows\system32\taskschd.dll
2010-12-16 06:49:49 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-16 06:49:48 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-16 06:49:48 ----A---- C:\Windows\system32\taskeng.exe
2010-12-16 06:49:48 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-16 06:49:47 ----A---- C:\Windows\system32\consent.exe
2010-12-16 06:49:46 ----A---- C:\Windows\system32\fontsub.dll
2010-12-16 06:49:46 ----A---- C:\Windows\system32\atmlib.dll
2010-12-16 06:49:46 ----A---- C:\Windows\system32\atmfd.dll
2010-12-16 06:49:43 ----A---- C:\Windows\system32\mshtml.dll
2010-12-16 06:49:43 ----A---- C:\Windows\system32\iertutil.dll
2010-12-16 06:49:42 ----A---- C:\Windows\system32\mstime.dll
2010-12-16 06:49:42 ----A---- C:\Windows\system32\ieframe.dll
2010-12-16 06:49:41 ----A---- C:\Windows\system32\wininet.dll
2010-12-16 06:49:41 ----A---- C:\Windows\system32\urlmon.dll
2010-12-16 06:49:41 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-16 06:49:41 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-16 06:49:41 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-16 06:49:41 ----A---- C:\Windows\system32\ie4uinit.exe
2010-12-16 06:49:40 ----A---- C:\Windows\system32\occache.dll
2010-12-16 06:49:40 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-16 06:49:40 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-16 06:49:40 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-16 06:49:40 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-16 06:49:40 ----A---- C:\Windows\system32\ieUnatt.exe
2010-12-16 06:49:40 ----A---- C:\Windows\system32\ieui.dll
2010-12-16 06:49:40 ----A---- C:\Windows\system32\iesysprep.dll
2010-12-16 06:49:40 ----A---- C:\Windows\system32\iesetup.dll
2010-12-16 06:49:40 ----A---- C:\Windows\system32\iernonce.dll
2010-12-16 06:49:40 ----A---- C:\Windows\system32\iepeers.dll
2010-12-16 06:49:36 ----A---- C:\Windows\system32\tzres.dll
2010-12-11 23:09:07 ----A---- C:\STFAF24.tmp
2010-12-09 22:33:22 ----D---- C:\Program Files\GameSpy Arcade
2010-12-09 16:16:44 ----D---- C:\Program Files\LogMeIn Hamachi
2010-12-07 19:03:20 ----D---- C:\ProgramData\Trymedia
2010-12-07 19:03:02 ----D---- C:\Program Files\Yahoo! Games
2010-11-22 15:08:02 ----D---- C:\Program Files\Chicken Invaders 3
2010-11-13 18:03:45 ----A---- C:\Windows\system32\Setup-codmw2.exe
2010-11-12 19:43:42 ----D---- C:\Program Files\Bonjour
2010-10-30 18:17:06 ----D---- C:\Users\MH20\AppData\Roaming\IGN_DLM
2010-10-30 18:15:24 ----D---- C:\Program Files\Download Manager
2010-10-27 11:02:09 ----A---- C:\Windows\system32\gameux.dll
2010-10-27 11:02:08 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-10-27 11:02:07 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-10-27 04:08:16 ----A---- C:\Windows\system32\atioglxx.dll
2010-10-27 03:55:30 ----A---- C:\Windows\system32\atiapfxx.exe
2010-10-27 03:52:18 ----A---- C:\Windows\system32\ATIDEMGX.dll
2010-10-27 03:51:54 ----A---- C:\Windows\system32\atieclxx.exe
2010-10-27 03:51:26 ----A---- C:\Windows\system32\atiesrxx.exe
2010-10-27 03:50:20 ----A---- C:\Windows\system32\atitmmxx.dll
2010-10-27 03:49:56 ----A---- C:\Windows\system32\Oemdspif.dll
2010-10-27 03:49:50 ----A---- C:\Windows\system32\atimuixx.dll
2010-10-27 03:49:44 ----A---- C:\Windows\system32\ati2edxx.dll
2010-10-27 03:46:56 ----A---- C:\Windows\system32\atidxx32.dll
2010-10-27 03:35:26 ----A---- C:\Windows\system32\aticalrt.dll
2010-10-27 03:35:16 ----A---- C:\Windows\system32\aticalcl.dll
2010-10-27 03:33:50 ----A---- C:\Windows\system32\aticaldd.dll
2010-10-27 03:14:40 ----A---- C:\Windows\system32\atiglpxx.dll
2010-10-27 03:14:30 ----A---- C:\Windows\system32\atigktxx.dll
2010-10-27 03:13:34 ----A---- C:\Windows\system32\atiuxpag.dll
2010-10-27 02:37:12 ----A---- C:\Windows\system32\atimpc32.dll
2010-10-27 02:37:12 ----A---- C:\Windows\system32\amdpcom32.dll

======List of files/folders modified in the last 2 months======

2010-12-22 23:47:54 ----D---- C:\Windows\Prefetch
2010-12-22 23:47:45 ----D---- C:\Program Files\trend micro
2010-12-22 23:19:04 ----D---- C:\ProgramData\Test Drive Unlimited
2010-12-22 23:10:42 ----D---- C:\Program Files\Common Files\Akamai
2010-12-22 22:02:05 ----D---- C:\Users\MH20\AppData\Roaming\Xfire
2010-12-22 21:10:14 ----D---- C:\Windows\Debug
2010-12-22 21:10:14 ----D---- C:\Windows
2010-12-22 21:10:10 ----D---- C:\Windows\temp
2010-12-22 20:26:42 ----A---- C:\Windows\NeroDigital.ini
2010-12-22 20:17:50 ----D---- C:\Program Files\Mozilla Firefox
2010-12-22 16:44:08 ----D---- C:\Windows\System32
2010-12-22 16:44:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-22 16:44:07 ----D---- C:\Windows\inf
2010-12-22 15:46:05 ----SHD---- C:\System Volume Information
2010-12-22 15:30:25 ----SHD---- C:\Windows\Installer
2010-12-22 15:14:45 ----D---- C:\Users\MH20\AppData\Roaming\ICQ
2010-12-22 15:12:37 ----D---- C:\Program Files\Steam
2010-12-20 23:27:54 ----D---- C:\Users\MH20\AppData\Roaming\uTorrent
2010-12-20 16:10:51 ----D---- C:\Users\MH20\AppData\Roaming\Image Zone Express
2010-12-20 15:29:44 ----D---- C:\Windows\system32\catroot2
2010-12-18 23:30:14 ----D---- C:\Program Files\Atari
2010-12-17 13:58:00 ----D---- C:\ProgramData\Xfire
2010-12-16 20:13:13 ----D---- C:\Windows\rescache
2010-12-16 20:10:55 ----D---- C:\Program Files\iTunes
2010-12-16 20:10:12 ----D---- C:\Program Files
2010-12-16 20:10:11 ----D---- C:\Program Files\Common Files\Apple
2010-12-16 20:10:09 ----D---- C:\ProgramData\Apple Computer
2010-12-16 19:51:16 ----D---- C:\Program Files\Windows Mail
2010-12-16 19:51:15 ----D---- C:\Windows\system32\migration
2010-12-16 19:51:15 ----D---- C:\Program Files\Internet Explorer
2010-12-16 19:50:28 ----D---- C:\Users\MH20\AppData\Roaming\Skype
2010-12-16 18:03:20 ----D---- C:\Users\MH20\AppData\Roaming\skypePM
2010-12-16 15:29:34 ----D---- C:\Windows\winsxs
2010-12-16 15:25:57 ----D---- C:\Windows\system32\cs-CZ
2010-12-16 15:22:38 ----D---- C:\Windows\system32\catroot
2010-12-16 15:16:13 ----A---- C:\Windows\system32\mrt.exe
2010-12-13 20:29:50 ----D---- C:\Program Files\Windows Live Safety Center
2010-12-11 18:05:02 ----D---- C:\Windows\Tasks
2010-12-11 18:04:59 ----D---- C:\Windows\system32\wbem
2010-12-11 18:03:53 ----D---- C:\Windows\system32\config
2010-12-11 18:03:33 ----D---- C:\Windows\system32\spool
2010-12-11 18:03:33 ----D---- C:\Windows\system32\CodeIntegrity
2010-12-11 18:03:26 ----D---- C:\Windows\registration
2010-12-11 15:42:54 ----D---- C:\Windows\system32\Tasks
2010-12-10 16:27:07 ----D---- C:\Windows\Microsoft.NET
2010-12-10 16:27:06 ----RSD---- C:\Windows\assembly
2010-12-10 16:22:25 ----D---- C:\Program Files\Windows Live
2010-12-09 16:36:08 ----D---- C:\Program Files\QuickTime
2010-12-07 19:03:20 ----D---- C:\ProgramData
2010-12-07 18:45:17 ----AD---- C:\ProgramData\TEMP
2010-12-07 18:43:32 ----D---- C:\Program Files\eMachines Games
2010-12-03 14:46:06 ----D---- C:\Program Files\Common Files
2010-12-03 14:42:23 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-23 10:45:59 ----D---- C:\ProgramData\WildTangent
2010-11-22 15:07:38 ----D---- C:\Program Files\bfgclient
2010-11-22 15:06:58 ----D---- C:\BigFishGamesCache
2010-11-19 15:16:52 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2010-11-18 15:30:56 ----D---- C:\Windows\system32\drivers
2010-11-17 18:40:08 ----D---- C:\Program Files\Common Files\Steam
2010-11-15 19:59:17 ----D---- C:\Program Files\u-he
2010-11-10 19:04:14 ----D---- C:\Program Files\Nitto 1320 Legends
2010-11-02 14:26:36 ----D---- C:\Program Files\ICQ7.0
2010-10-31 18:31:32 ----D---- C:\Windows\twain_32
2010-10-30 19:58:13 ----D---- C:\Program Files\DsNET Corp
2010-10-29 14:37:45 ----SD---- C:\Windows\Downloaded Program Files
2010-10-29 14:34:33 ----D---- C:\CyberStep
2010-10-29 14:06:50 ----DC---- C:\Windows\system32\DRVSTORE
2010-10-29 14:00:39 ----D---- C:\AeriaGames
2010-10-29 11:29:26 ----D---- C:\Program Files\Last.fm
2010-10-28 13:18:32 ----A---- C:\Windows\system32\wrap_oal.dll
2010-10-28 13:18:32 ----A---- C:\Windows\system32\OpenAL32.dll
2010-10-28 12:55:00 ----D---- C:\Program Files\OpenAL
2010-10-27 23:16:30 ----D---- C:\Windows\AppPatch
2010-10-27 03:55:22 ----A---- C:\Windows\system32\aticfx32.dll
2010-10-27 03:50:08 ----A---- C:\Windows\system32\atipdlxx.dll
2010-10-27 03:28:20 ----A---- C:\Windows\system32\atiumdag.dll
2010-10-27 03:14:58 ----A---- C:\Windows\system32\coinst.dll
2010-10-27 03:14:48 ----A---- C:\Windows\system32\atiadlxx.dll
2010-10-27 03:13:22 ----A---- C:\Windows\system32\atiu9pag.dll
2010-10-27 03:13:02 ----A---- C:\Windows\system32\atitmpxx.dll
2010-10-27 02:50:08 ----A---- C:\Windows\system32\atiumdva.dll
2010-10-24 10:08:29 ----D---- C:\Program Files\CAPCOM
2010-10-24 10:07:57 ----SD---- C:\ProgramData\Microsoft
2010-10-23 13:37:01 ----D---- C:\Windows\system32\directx
2010-10-23 13:36:51 ----HD---- C:\Windows\msdownld.tmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-09-09 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-09-09 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-09-09 243024]
R1 InCDPass;Nero InCDPass; C:\Windows\system32\drivers\InCDPass.sys [2008-02-28 38952]
R1 incdrm;Nero InCD MRW Remapper; C:\Windows\system32\drivers\InCDRm.sys [2008-02-28 40360]
R1 NCPro;NCPro; C:\Windows\system32\drivers\MTictwl.sys [2007-12-05 13184]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2007-02-18 232816]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdLH3.sys [2010-09-24 99856]
R3 DualCoreCenter;DualCoreCenter; \??\C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys [2008-02-27 28160]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-04-23 26176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-14 2061528]
R3 PAC207;i-Look 111; C:\Windows\system32\DRIVERS\PFC027.SYS [2007-06-29 611584]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 RushTopDevice2;RushTopDevice2; \??\C:\Program Files\MSI\DualCoreCenter\RushTop.sys [2008-04-23 56320]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R4 InCDfs;Nero InCD File System; C:\Windows\system32\drivers\InCDFs.sys [2008-02-28 128424]
S3 adnorw5i;adnorw5i; C:\Windows\system32\drivers\adnorw5i.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 105488]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
S3 catchme;catchme; \??\C:\Users\MH20\AppData\Local\Temp\catchme.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MagicTune;MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [2007-12-05 13184]
S3 MSI_DVD_010507;MSI_DVD_010507; \??\C:\PROGRA~1\MSI\MSIWDev\DVDSYS32_100507.sys [2010-05-10 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507; \??\C:\PROGRA~1\MSI\MSIWDev\msibios32_100507.sys [2010-05-10 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507; \??\C:\PROGRA~1\MSI\MSIWDev\VGASYS32_100507.sys [2010-05-10 16696]
S3 MSIGreenPower;MSIGreenPower; \??\C:\Program Files\MSI\DualCoreCenter\Green Power Center\NTGLM7X.sys [2008-03-12 28160]
S3 MSIGreenPowerRushTop;MSIGreenPowerRushTop; \??\C:\Program Files\MSI\DualCoreCenter\Green Power Center\RushTop.sys [2008-04-23 55296]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RushTopDevice_J;RushTopDevice_J; \??\C:\Program Files\MSI\DualCoreCenter\Green Power Center\RushJ.sys [2008-04-23 18944]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2009-10-02 32768]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 w800bus;Sony Ericsson W800 driver (WDM); C:\Windows\system32\DRIVERS\w800bus.sys [2005-06-13 60768]
S3 w800mgmt;Sony Ericsson W800 USB WMC Device Management Drivers; C:\Windows\system32\DRIVERS\w800mgmt.sys [2005-05-24 79216]
S3 WEBNTACCESS;WEBNTACCESS; \??\C:\Windows\system32\NTACCESS.SYS [2006-05-18 18359]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-10-27 176128]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-09-09 308136]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe [2008-02-28 1440552]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728]
R2 MagicTuneEngine;MagicTuneEngine; C:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
R2 NeroRegInCDSrv;Nero Registry InCD Service; C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-08-11 75064]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-16 185640]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 820008]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S1 InCDRec;Nero InCD File System Recognizer; C:\Windows\system32\drivers\InCDRec.sys [2008-02-28 17448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1ca145bff052e4b;Služba Google Update (gupdate1ca145bff052e4b); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-03 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-08-04 68096]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872]
S3 GameConsoleService;GameConsoleService; C:\Program Files\eMachines Games\EMACHINES Console\GameConsoleService.exe [2009-05-22 250616]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-11-12 3403420]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-11-17 403240]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

[Roli]

Zdravím, řekl bych že máš problém.

Tohle fixni v HJT :

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Microsoft] svdhost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunServices: [Microsoft] svdhost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

HJT najdeš zde :

C:\Program Files\trend micro\MH20.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :

Služba Google Update

InCD Helper

Nero Registry InCD Service

NMIndexingService

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.

[MH20]

v HJT sem vše fixnul,

tamty srajdy sem teda zamítnul jak jste řekl =)

ale ohledně combofixu vypl jsem ochranu a vůbec procesy AVG Antiviru a při spuštění mi řeklo že prostě musím avg odinstalovat pokud chci pokračovat nebo použít jinej program...mám avg (free antivirus) odinstalovat a spustit combofix?

[Roli]

Zase to AVG.

No tak jinak, přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Pak použij Cure It z mého podpisu a dej vědět jak to dopadlo.

[MH20]

abych se přiznal trvalo to až moc dlouho a přez to že jsem to nechal přze noc běžet a ráno jsem s evzbudil a seklo se to v 1/3 stím estli mám soubor léčit nebo co....

tak jsem myslel že jse zblázním......

Jinak jo Cure It proběhl v pohodě, expresní byl bez viru v kopletním už se něco malého objevilo ale i když jsem mi ukázal trojan na jednom uninsta souboru který za trojana ůbec nepovažuju a nikdy s ním nebyl problém a nešel vyléčit tak jsem ho nenechal přesun out do truhly/ natož smazat ....

[MH20]

nechal jsme si ten určitý oubor project na virus totalu. A je pravda že jen DrWeb ukázal že je to trojan....

File name: Uninstall.exe
Submission date: 2010-12-24 09:14:46 (UTC)
Current status: queued (#10) queued (#11) analysing finished


Result: 1/ 43 (2.3%)

[Roli]

No jo no Cure It je úchylně pomalý, ale důkladný.


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\Windows\system32\svdhost.exe
J:\EmDesk.exe
K:\LaunchU3.exe
I:\Autorun.exe

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\system32\svdhost.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12937223-503f-11df-8e16-001d9297f0be}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8565897f-80f4-11de-9aa5-001d9297f0be}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7d2f013-805e-11de-9351-001d9297f0be}]

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\

[MH20]

ll processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\STFAF24.tmp moved successfully.
C:\WINDOWS\System32\tmp3229.tmp moved successfully.
C:\WINDOWS\System32\tmp3239.tmp moved successfully.
C:\WINDOWS\System32\tmp9A12.tmp moved successfully.
C:\WINDOWS\System32\tmp9A33.tmp moved successfully.
C:\WINDOWS\System32\tmp9A65.tmp moved successfully.
C:\WINDOWS\System32\tmp9A66.tmp moved successfully.
C:\WINDOWS\System32\tmpE3DA.tmp moved successfully.
C:\WINDOWS\System32\tmpE3DB.tmp moved successfully.
C:\WINDOWS\6833245EDD86479A882A8360D62C8194.TMP folder moved successfully.
C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP folder moved successfully.
C:\WINDOWS\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP folder moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\Windows\system32\svdhost.exe moved successfully.
File/Folder J:\EmDesk.exe not found.
File/Folder K:\LaunchU3.exe not found.
File/Folder I:\Autorun.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Windows\system32\svdhost.exe deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12937223-503f-11df-8e16-001d9297f0be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12937223-503f-11df-8e16-001d9297f0be}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8565897f-80f4-11de-9aa5-001d9297f0be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8565897f-80f4-11de-9aa5-001d9297f0be}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7d2f013-805e-11de-9351-001d9297f0be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7d2f013-805e-11de-9351-001d9297f0be}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MH20
->Temp folder emptied: 16576748 bytes
->Temporary Internet Files folder emptied: 70176218 bytes
->Java cache emptied: 5654669 bytes
->FireFox cache emptied: 40197584 bytes
->Flash cache emptied: 47090 bytes

User: Míša
->Temp folder emptied: 2101556132 bytes
->Temporary Internet Files folder emptied: 1966173233 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 71904 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1177555 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33239 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4 007,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12242010_140632

Files moved on Reboot...

Registry entries deleted on Reboot...

[Roli]

Bezva, nepořádek je pryč.

Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.

Pak dej vědět jaký je stav PC.

[MH20]

pc mi příjde rychlejší určitě je to tak lepší a děkuji moc za pomoc

Já přeji vám krásné prožití vánočních svátků a mnoho úspěchů do nového roka

[Roli]

Není vůbec zač.