Virus on the computer: malware.Win 32

Posted: 28 Jul 2010 22:57
by valca
Good evening, I would need help removing a virus from my computer. Following a few pieces of advice from your server, I am attaching the RSIT log.
Thanks in advance for your help

Logfile of random's system information tool 1.08 (written by random/random)
Run by bashkim at 2010-07-28 23:50:41
WIN_VISTA Service Pack 2
System drive C: has 161 GB (70%) free of 231 GB
Total RAM: 2046 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:51:45, on 28.7.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\bashkim\Downloads\RSIT.exe
C:\Program Files\trend micro\bashkim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2269050
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-195142114-3670078642-1254213944-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-195142114-3670078642-1254213944-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')
O4 - HKUS\S-1-5-21-195142114-3670078642-1254213944-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')
O4 - HKUS\S-1-5-21-195142114-3670078642-1254213944-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-195142114-3670078642-1254213944-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-195142114-3670078642-1254213944-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\bashkim\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10702 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{98A4EB86-9BC5-4C8D-9424-FDF284AEF3F8}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-05-28 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
VeriSoft Access Manager - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll [2006-11-21 71192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-04-24 176128]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
"CognizanceTS"=c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll [2003-12-22 17920]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-04-13 47392]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-03-12 49208]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-05-28 202256]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-10-03 13826664]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-13 827392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-08 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2010-01-22 2363392]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\iCall\iCall.exe"="C:\Program Files\iCall\iCall.exe:*:Enabled:iCall"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-07-28 23:50:42 ----D---- C:\Program Files\trend micro
2010-07-28 23:50:41 ----D---- C:\rsit
2010-07-28 23:47:10 ----AD---- C:\Windows\rundll16.exe
2010-07-28 23:47:10 ----AD---- C:\Windows\logo1_.exe
2010-07-28 21:46:16 ----AD---- C:\Windows\VDLL.DLL
2010-07-28 21:46:16 ----AD---- C:\Windows\system32\runouce.exe
2010-07-28 21:46:16 ----AD---- C:\Windows\RUNDL132.EXE
2010-07-28 21:46:16 ----AD---- C:\Windows\logo_1.exe
2010-07-28 21:43:21 ----A---- C:\Windows\system32\msvcr80.dll
2010-07-28 21:43:20 ----A---- C:\Windows\system32\msvcp80.dll
2010-07-28 21:43:19 ----A---- C:\Windows\system32\eEmpty.exe
2010-07-28 21:43:14 ----D---- C:\Program Files\Common Files\MicroWorld
2010-07-28 21:43:11 ----D---- C:\ProgramData\MicroWorld
2010-07-28 20:52:55 ----SHD---- C:\$RECYCLE.BIN
2010-07-28 20:52:53 ----D---- C:\Windows\temp
2010-07-28 20:52:52 ----A---- C:\ComboFix.txt
2010-07-28 20:39:26 ----D---- C:\ComboFix
2010-07-28 20:39:01 ----A---- C:\Windows\SWXCACLS.exe
2010-07-28 20:19:36 ----A---- C:\Windows\zip.exe
2010-07-28 20:19:36 ----A---- C:\Windows\SWSC.exe
2010-07-28 20:19:36 ----A---- C:\Windows\SWREG.exe
2010-07-28 20:19:36 ----A---- C:\Windows\sed.exe
2010-07-28 20:19:36 ----A---- C:\Windows\PEV.exe
2010-07-28 20:19:36 ----A---- C:\Windows\NIRCMD.exe.mwt
2010-07-28 20:19:36 ----A---- C:\Windows\MBR.exe
2010-07-28 20:19:36 ----A---- C:\Windows\grep.exe
2010-07-28 20:19:26 ----D---- C:\Windows\ERDNT
2010-07-28 20:18:17 ----D---- C:\Qoobox
2010-07-27 22:46:59 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-07-27 22:46:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-07-27 21:31:31 ----D---- C:\Users\bashkim\AppData\Roaming\Malwarebytes
2010-07-27 21:31:21 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-27 21:31:20 ----D---- C:\ProgramData\Malwarebytes
2010-07-27 21:31:20 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-27 21:31:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-27 18:13:58 ----D---- C:\ProgramData\Panda Software
2010-07-27 01:04:40 ----D---- C:\ProgramData\Backup
2010-07-27 00:17:01 ----D---- C:\Program Files\DVDVideoSoftTB
2010-07-27 00:16:59 ----D---- C:\Users\bashkim\AppData\Roaming\DVDVideoSoftIEHelpers
2010-07-27 00:16:42 ----D---- C:\Program Files\DVDVideoSoft
2010-07-26 22:06:35 ----D---- C:\Program Files\Mozilla Firefox
2010-07-25 22:25:27 ----D---- C:\Users\bashkim\AppData\Roaming\Tific
2010-07-24 20:17:48 ----D---- C:\Windows\system32\N360_BACKUP
2010-07-24 14:01:18 ----D---- C:\ProgramData\Norton
2010-07-24 14:01:08 ----D---- C:\ProgramData\NortonInstaller
2010-07-24 13:32:23 ----D---- C:\Users\bashkim\AppData\Roaming\Download Manager
2010-07-08 16:13:04 ----D---- C:\Program Files\ScreensCorner
2010-07-05 03:22:09 ----D---- C:\Users\bashkim\AppData\Roaming\ARGELA
2010-07-05 01:20:32 ----D---- C:\Users\bashkim\AppData\Roaming\Globe7
2010-07-04 19:47:34 ----D---- C:\Program Files\Common Files\DESIGNER
2010-07-04 19:45:54 ----D---- C:\Program Files\Microsoft Application Virtualization Client
2010-07-04 19:32:12 ----D---- C:\Users\bashkim\AppData\Roaming\TP
2010-07-04 16:48:18 ----A---- C:\Windows\system32\drivers\btwrchid.sys
2010-07-04 16:48:18 ----A---- C:\Windows\system32\drivers\btwavdt.sys
2010-07-04 16:48:18 ----A---- C:\Windows\system32\drivers\btwaudio.sys
2010-07-04 16:48:09 ----A---- C:\Windows\system32\BtwRSupport.dll
2010-07-04 16:47:40 ----D---- C:\Windows\system32\es-MX
2010-07-04 16:47:40 ----D---- C:\Windows\system32\es-AR
2010-07-03 00:59:50 ----D---- C:\Program Files\Alwil Software
2010-07-02 02:35:11 ----D---- C:\Windows\system32\WindowsPowerShell
2010-07-02 02:33:48 ----A---- C:\Windows\system32\winrsmgr.dll
2010-07-02 02:33:33 ----A---- C:\Windows\system32\wsmprovhost.exe
2010-07-02 02:33:33 ----A---- C:\Windows\system32\winrshost.exe
2010-07-02 02:33:33 ----A---- C:\Windows\system32\winrs.exe
2010-07-02 02:33:32 ----A---- C:\Windows\system32\wsmplpxy.dll
2010-07-02 02:33:32 ----A---- C:\Windows\system32\winrssrv.dll
2010-07-02 02:33:29 ----A---- C:\Windows\system32\WsmRes.dll
2010-07-02 02:33:29 ----A---- C:\Windows\system32\wevtfwd.dll
2010-07-02 02:33:29 ----A---- C:\Windows\system32\wecutil.exe
2010-07-02 02:33:29 ----A---- C:\Windows\system32\wecsvc.dll
2010-07-02 02:33:29 ----A---- C:\Windows\system32\wecapi.dll
2010-07-02 02:33:29 ----A---- C:\Windows\system32\pwrshplugin.dll
2010-07-02 02:33:21 ----A---- C:\Windows\system32\winrm.vbs
2010-07-02 02:33:17 ----A---- C:\Windows\system32\WsmAuto.dll
2010-07-02 02:33:16 ----A---- C:\Windows\system32\WsmWmiPl.dll
2010-07-02 02:33:16 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2010-07-02 02:33:16 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2010-07-02 02:33:16 ----A---- C:\Windows\system32\winrscmd.dll
2010-07-02 02:33:15 ----A---- C:\Windows\system32\WsmSvc.dll
2010-07-02 01:49:41 ----A---- C:\Windows\system32\javaws.exe
2010-07-02 01:49:41 ----A---- C:\Windows\system32\javaw.exe
2010-07-02 01:49:41 ----A---- C:\Windows\system32\deployJava1.dll
2010-07-02 01:49:40 ----A---- C:\Windows\system32\java.exe
2010-07-02 01:30:49 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-07-02 01:30:49 ----A---- C:\Windows\system32\PresentationHost.exe
2010-07-02 01:30:49 ----A---- C:\Windows\system32\netfxperf.dll
2010-07-02 01:30:49 ----A---- C:\Windows\system32\mscoree.dll
2010-07-02 01:30:48 ----A---- C:\Windows\system32\dfshim.dll
2010-07-02 00:43:31 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-07-02 00:43:31 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-07-01 21:20:28 ----D---- C:\Users\bashkim\AppData\Roaming\Uniblue
2010-07-01 21:05:54 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor

======List of files/folders modified in the last 1 months======

2010-07-28 23:50:42 ----D---- C:\Program Files
2010-07-28 23:47:10 ----D---- C:\Windows
2010-07-28 23:32:40 ----D---- C:\Windows\tracing
2010-07-28 23:31:27 ----D---- C:\Windows\SMINST
2010-07-28 21:46:16 ----D---- C:\Windows\System32
2010-07-28 21:43:14 ----D---- C:\Program Files\Common Files
2010-07-28 21:43:11 ----D---- C:\ProgramData
2010-07-28 20:52:00 ----D---- C:\Windows\Tasks
2010-07-28 20:49:25 ----A---- C:\Windows\system.ini
2010-07-28 20:45:42 ----D---- C:\Windows\system32\drivers
2010-07-28 20:45:42 ----D---- C:\Windows\AppPatch
2010-07-28 20:19:28 ----D---- C:\Windows\Prefetch
2010-07-28 00:48:35 ----SHD---- C:\System Volume Information
2010-07-28 00:47:41 ----D---- C:\Windows\system32\catroot2
2010-07-27 22:39:09 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-27 22:39:09 ----D---- C:\Windows\system32\drivers\etc
2010-07-27 22:36:27 ----SHD---- C:\Windows\Installer
2010-07-27 22:35:14 ----D---- C:\Windows\system32\catroot
2010-07-27 22:35:13 ----D---- C:\Windows\inf
2010-07-27 01:54:36 ----D---- C:\Program Files\Winamp
2010-07-27 01:16:39 ----A---- C:\Windows\win.ini
2010-07-27 00:16:56 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-07-26 22:06:44 ----D---- C:\Users\bashkim\AppData\Roaming\Mozilla
2010-07-26 15:32:32 ----D---- C:\Windows\system32\Tasks
2010-07-26 15:30:58 ----D---- C:\ProgramData\Yahoo!
2010-07-26 15:30:58 ----D---- C:\Program Files\Yahoo!
2010-07-26 08:22:17 ----D---- C:\Windows\system32\config
2010-07-26 08:22:07 ----D---- C:\Windows\system32\spool
2010-07-26 08:22:07 ----D---- C:\Windows\system32\Msdtc
2010-07-26 08:22:05 ----D---- C:\Windows\registration
2010-07-26 08:18:05 ----D---- C:\Windows\system32\LogFiles
2010-07-26 01:15:56 ----D---- C:\Users\bashkim\AppData\Roaming\Hewlett-Packard
2010-07-26 00:59:51 ----D---- C:\Windows\rescache
2010-07-26 00:43:46 ----D---- C:\Windows\winsxs
2010-07-26 00:41:01 ----D---- C:\Windows\system32\drivers\en-US
2010-07-26 00:39:40 ----D---- C:\Windows\system32\wbem
2010-07-25 23:38:14 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-25 23:38:01 ----DC---- C:\Windows\system32\DRVSTORE
2010-07-25 16:11:11 ----D---- C:\SwSetup
2010-07-24 23:44:30 ----SD---- C:\ProgramData\Microsoft
2010-07-23 00:40:30 ----D---- C:\ProgramData\LightScribe
2010-07-21 09:54:14 ----D---- C:\Windows\Minidump
2010-07-21 09:54:14 ----D---- C:\Windows\Debug
2010-07-18 18:21:48 ----D---- C:\Program Files\Microsoft Office
2010-07-18 18:21:48 ----D---- C:\Program Files\Common Files\microsoft shared
2010-07-16 19:08:01 ----D---- C:\DVDVideoSoft
2010-07-15 00:09:19 ----D---- C:\Program Files\Windows Mail
2010-07-13 14:45:42 ----D---- C:\Users\bashkim\AppData\Roaming\vlc
2010-07-04 19:46:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-04 16:47:40 ----D---- C:\Windows\system32\zh-TW
2010-07-04 16:47:40 ----D---- C:\Windows\system32\zh-CN
2010-07-04 16:47:40 ----D---- C:\Windows\system32\sv-SE
2010-07-04 16:47:40 ----D---- C:\Windows\system32\ru-RU
2010-07-04 16:47:40 ----D---- C:\Windows\system32\pt-BR
2010-07-04 16:47:40 ----D---- C:\Windows\system32\pl-PL
2010-07-04 16:47:40 ----D---- C:\Windows\system32\nl-NL
2010-07-04 16:47:40 ----D---- C:\Windows\system32\nb-NO
2010-07-04 16:47:40 ----D---- C:\Windows\system32\ko-KR
2010-07-04 16:47:40 ----D---- C:\Windows\system32\ja-JP
2010-07-04 16:47:40 ----D---- C:\Windows\system32\it-IT
2010-07-04 16:47:40 ----D---- C:\Windows\system32\fr-FR
2010-07-04 16:47:40 ----D---- C:\Windows\system32\es-ES
2010-07-04 16:47:39 ----D---- C:\Windows\system32\fi-FI
2010-07-04 16:47:39 ----D---- C:\Windows\system32\en-US
2010-07-04 16:47:39 ----D---- C:\Windows\system32\de-DE
2010-07-04 16:47:39 ----D---- C:\Windows\system32\da-DK
2010-07-02 21:39:05 ----A---- C:\Windows\system32\mrt.exe
2010-07-02 03:55:08 ----D---- C:\Windows\Microsoft.NET
2010-07-02 03:55:04 ----RSD---- C:\Windows\assembly
2010-07-02 03:19:12 ----D---- C:\ProgramData\NVIDIA
2010-07-02 02:35:15 ----D---- C:\Windows\PolicyDefinitions
2010-07-02 02:27:09 ----D---- C:\Users\bashkim\AppData\Roaming\Skype
2010-07-02 01:49:35 ----D---- C:\Program Files\Java
2010-07-02 01:34:05 ----D---- C:\Windows\ehome
2010-07-02 00:25:09 ----D---- C:\Users\bashkim\AppData\Roaming\HpUpdate
2010-07-02 00:16:15 ----D---- C:\Windows\system32\CodeIntegrity
2010-07-02 00:16:02 ----D---- C:\Program Files\Windows Live SkyDrive
2010-07-02 00:16:00 ----D---- C:\Program Files\CCleaner
2010-07-01 15:01:42 ----D---- C:\Windows\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-28 140424]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-23 1331192]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-12-12 80424]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-12-12 80936]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-12-12 16168]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 188416]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-10-03 9905096]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 12032]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-13 181432]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-23 1331192]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-04-12 160768]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\DRIVERS\massfilter.sys [2008-12-08 7680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\rt2870.sys [2007-03-13 476416]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-19 9216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2008-12-08 104960]
S3 ZTEusbnet;ZTE USB-NDIS miniport; C:\Windows\system32\DRIVERS\ZTEusbnet.sys [2008-12-08 110080]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2008-12-08 105344]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2008-12-08 104960]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 ASBroker;Logon Session Broker; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Local Communication Channel; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-24 262243]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-01-22 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-10-03 219752]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-24 106593]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Re: Virus in computer malware.Win 32

Posted: 29 Jul 2010 08:15
by Rudy
The basic mistake is running a ComboFix scan before RSIT. That reliably destroys all traces, and under certain circumstances you also risk crashing the system. Post the ComboFix log; it is saved in C:\combofix.txt.

Re: Virus in computer malware.Win 32

Posted: 29 Jul 2010 10:00
by valca
Thank you for the help; I am attaching the log.

ComboFix 10-07-27.05 - bashkim 28.07.2010 20:41:07.2.2 - x86
Spuštěný z: c:\users\bashkim\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-28 do 2010-07-28 )))))))))))))))))))))))))))))))
.

2010-07-28 18:49 . 2010-07-28 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-27 20:46 . 2010-07-27 21:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-27 20:46 . 2010-07-27 20:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-27 19:31 . 2010-07-27 19:31 -------- d-----w- c:\users\bashkim\AppData\Roaming\Malwarebytes
2010-07-27 19:31 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 19:31 . 2010-07-27 19:31 -------- d-----w- c:\programdata\Malwarebytes
2010-07-27 19:31 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 19:31 . 2010-07-27 19:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-27 16:13 . 2010-07-27 16:13 -------- d-----w- c:\programdata\Panda Software
2010-07-26 23:04 . 2010-07-26 23:04 -------- d-----w- c:\programdata\Backup
2010-07-26 22:17 . 2010-07-26 22:17 -------- d-----w- c:\program files\DVDVideoSoftTB
2010-07-26 22:16 . 2010-07-26 22:16 52224 ----a-w- c:\users\bashkim\AppData\Roaming\Mozilla\Firefox\Profiles\yuwbqn1c.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-07-26 22:16 . 2010-07-26 22:16 52224 ----a-w- c:\users\bashkim\AppData\Roaming\Mozilla\Firefox\Profiles\j12c02db.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-07-26 22:16 . 2010-07-26 22:16 101376 ----a-w- c:\users\bashkim\AppData\Roaming\Mozilla\Firefox\Profiles\yuwbqn1c.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-07-26 22:16 . 2010-07-26 22:16 101376 ----a-w- c:\users\bashkim\AppData\Roaming\Mozilla\Firefox\Profiles\j12c02db.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-07-26 22:16 . 2010-07-26 22:16 -------- d-----w- c:\users\bashkim\AppData\Roaming\DVDVideoSoftIEHelpers
2010-07-26 22:16 . 2010-07-26 22:16 -------- d-----w- c:\program files\DVDVideoSoft
2010-07-25 20:38 . 2010-07-26 10:42 -------- d-----w- c:\users\bashkim\AppData\Local\CrashDumps
2010-07-25 20:25 . 2010-07-25 20:25 -------- d-----w- c:\users\bashkim\AppData\Roaming\Tific
2010-07-25 20:25 . 2010-07-25 20:25 -------- d-----w- c:\users\bashkim\AppData\Local\Symantec
2010-07-24 18:17 . 2010-07-24 18:17 -------- d-----w- c:\windows\system32\N360_BACKUP
2010-07-24 12:01 . 2010-07-25 21:40 -------- d-----w- c:\programdata\Norton
2010-07-24 12:01 . 2010-07-24 12:01 -------- d-----w- c:\programdata\NortonInstaller
2010-07-24 11:32 . 2010-07-24 11:32 -------- d-----w- c:\users\bashkim\AppData\Roaming\Download Manager
2010-07-22 23:33 . 2010-07-22 23:33 -------- d-----w- c:\users\bashkim\AppData\Local\MigWiz
2010-07-08 14:13 . 2010-07-08 14:13 -------- d-----w- c:\program files\ScreensCorner
2010-07-05 01:22 . 2010-07-05 01:22 -------- d-----w- c:\users\bashkim\AppData\Roaming\ARGELA
2010-07-04 23:20 . 2010-07-04 23:20 -------- d-----w- c:\users\bashkim\AppData\Roaming\Globe7
2010-07-04 17:45 . 2010-07-04 17:47 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2010-07-04 17:32 . 2010-07-04 17:48 -------- d-----w- c:\users\bashkim\AppData\Roaming\TP
2010-07-04 14:48 . 2007-12-12 11:12 80936 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2010-07-04 14:48 . 2007-12-12 11:12 80424 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2010-07-04 14:48 . 2007-12-12 11:12 16168 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2010-07-04 14:48 . 2007-12-12 11:12 233472 ----a-w- c:\windows\system32\BtwRSupport.dll
2010-07-04 14:47 . 2010-07-04 14:47 -------- d-----w- c:\windows\system32\es-MX
2010-07-04 14:47 . 2010-07-04 14:47 -------- d-----w- c:\windows\system32\es-AR
2010-07-02 22:59 . 2010-07-02 22:59 -------- d-----w- c:\program files\Alwil Software
2010-07-01 23:49 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-01 23:30 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-01 23:30 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-01 23:30 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-01 23:30 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-01 23:30 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-07-01 22:43 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-07-01 22:43 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-07-01 19:20 . 2010-07-05 00:17 -------- d-----w- c:\users\bashkim\AppData\Roaming\Uniblue
2010-07-01 19:06 . 2010-07-01 19:06 -------- d-----w- c:\users\bashkim\AppData\Local\Microsoft Corporation
2010-07-01 19:05 . 2010-07-01 19:16 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-07-01 13:00 . 2010-07-01 13:00 -------- d-----w- c:\users\bashkim\Office Genuine Advantage
2010-06-28 18:59 . 2010-06-28 18:59 -------- d-----w- c:\users\bashkim\AppData\Local\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 18:31 . 2009-10-04 15:41 32061 ----a-w- c:\programdata\nvModes.dat
2010-07-27 23:07 . 2008-01-30 08:12 14908 ----a-w- c:\windows\bthservsdp.dat
2010-07-27 20:39 . 2007-08-19 00:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-26 23:54 . 2010-05-28 20:45 -------- d-----w- c:\program files\Winamp
2010-07-26 22:16 . 2010-02-02 18:01 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-07-26 13:30 . 2009-07-01 13:04 -------- d-----w- c:\programdata\Yahoo!
2010-07-26 13:30 . 2008-02-02 14:55 -------- d-----w- c:\program files\Yahoo!
2010-07-25 23:15 . 2008-01-29 18:36 -------- d-----w- c:\users\bashkim\AppData\Roaming\Hewlett-Packard
2010-07-25 21:38 . 2007-08-19 00:48 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-22 22:40 . 2009-05-24 20:14 -------- d-----w- c:\programdata\LightScribe
2010-07-21 08:12 . 2008-02-27 09:47 7808 ----a-w- c:\users\bashkim\AppData\Local\d3d9caps.dat
2010-07-21 08:10 . 2008-01-29 18:50 86328 ----a-w- c:\users\bashkim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-14 22:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-13 12:45 . 2010-05-28 21:24 -------- d-----w- c:\users\bashkim\AppData\Roaming\vlc
2010-07-02 01:20 . 2010-07-02 01:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-07-02 01:20 . 2010-07-02 01:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-02 01:19 . 2009-10-04 15:48 -------- d-----w- c:\programdata\NVIDIA
2010-07-02 00:27 . 2010-06-01 13:40 -------- d-----w- c:\users\bashkim\AppData\Roaming\Skype
2010-07-01 23:49 . 2007-08-19 01:41 -------- d-----w- c:\program files\Java
2010-07-01 22:25 . 2009-09-09 21:17 -------- d-----w- c:\users\bashkim\AppData\Roaming\HpUpdate
2010-07-01 22:16 . 2009-06-30 14:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-07-01 22:16 . 2008-10-20 18:59 -------- d-----w- c:\program files\CCleaner
2010-06-27 16:32 . 2009-10-22 15:18 -------- d-----w- c:\program files\Microsoft.NET
2010-06-16 19:43 . 2010-06-16 19:11 -------- d-----w- c:\programdata\TuneUp Software
2010-06-16 19:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-06-16 19:12 . 2010-06-16 19:12 -------- d-----w- c:\users\bashkim\AppData\Roaming\TuneUp Software
2010-06-16 19:06 . 2008-01-30 00:56 -------- d-----w- c:\programdata\Skype
2010-06-16 08:39 . 2010-06-16 08:39 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-06-07 14:02 . 2008-12-28 23:01 -------- d-----w- c:\users\bashkim\AppData\Roaming\skypePM
2010-06-05 08:33 . 2008-10-20 19:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 21:09 . 2010-06-04 21:02 -------- d-----w- c:\users\bashkim\AppData\Roaming\FreeBurner
2010-06-04 21:02 . 2010-06-04 21:02 -------- d-----w- c:\program files\Free Easy Burner
2010-06-04 20:31 . 2010-06-04 20:21 -------- d-----w- c:\programdata\Nero
2010-06-04 20:31 . 2010-06-04 20:21 -------- d-----w- c:\program files\Common Files\Nero
2010-06-04 20:23 . 2010-06-04 20:23 -------- d-----w- c:\users\bashkim\AppData\Roaming\Nero
2010-06-01 19:21 . 2009-10-08 16:15 -------- d-----w- c:\users\bashkim\AppData\Roaming\dvdcss
2010-06-01 13:46 . 2010-01-31 23:27 -------- d-----w- c:\program files\Google
2010-05-28 21:16 . 2010-05-28 21:16 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-28 21:16 . 2010-05-28 21:16 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-28 21:16 . 2010-05-28 21:16 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-28 21:16 . 2010-05-28 21:16 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-28 21:16 . 2010-05-28 21:16 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-28 21:16 . 2010-05-28 21:16 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-28 21:16 . 2010-05-28 21:16 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-28 21:16 . 2010-05-28 21:16 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-28 21:16 . 2010-05-28 21:16 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-28 00:01 . 2010-05-27 23:47 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-27 23:41 . 2010-05-27 23:47 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-26 17:06 . 2010-06-10 17:52 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 17:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 13:24 . 2010-07-04 14:27 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2010-05-21 12:14 . 2009-10-03 16:23 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 22:24 . 2010-05-19 22:24 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-05-04 05:59 . 2010-06-10 17:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 17:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 17:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 17:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 17:51 2037248 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 08:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-28 202256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-4 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8b,71,d0,0e,a5,2d,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-195142114-3670078642-1254213944-1000]
"EnableNotificationsRef"=dword:00000004

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2008-12-08 7680]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2008-12-08 110080]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 10:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-07-28 c:\windows\Tasks\User_Feed_Synchronization-{98A4EB86-9BC5-4C8D-9424-FDF284AEF3F8}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\bashkim\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
FF - ProfilePath - c:\users\bashkim\AppData\Roaming\Mozilla\Firefox\Profiles\j12c02db.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\bashkim\AppData\Roaming\Mozilla\Firefox\Profiles\j12c02db.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\bashkim\AppData\Roaming\Mozilla\Firefox\Profiles\j12c02db.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{4d02e7e6-5930-4b51-b9b0-9f21b3789400} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-hpqSRMon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-28 20:49
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0020\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0023\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0024\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\System32\APSHook.dll

- - - - - - - > 'lsass.exe'(692)
c:\windows\System32\APSHook.dll
.
Celkový čas: 2010-07-28 20:52:51
ComboFix-quarantined-files.txt 2010-07-28 18:52

Před spuštěním: 157 589 274 624 bytes free
Po spuštění: 157 521 571 840 bytes free

- - End Of File - - 58DFCECB64FE524A4EFC87D0ED2E9675

Re: Virus in the computer malware.Win 32

Posted: 29 Jul 2010 12:08
by Rudy
Even the CF log does not reveal which virus this is. In which file did the antivirus find it?

Re: Virus in the computer malware.Win 32

Posted: 29 Jul 2010 16:06
by valca
C:\Windows\NIRCMD.exe.mwt infected by "Malware.Win32 (ES)" Virus! Action Taken: No Action Taken.

Re: Virus in the computer malware.Win 32

Posted: 29 Jul 2010 16:38
by Rudy
That is a command line. It should be a legitimate file. Test it online at www.virustotal.com.

Re: Virus in the computer malware.Win 32

Posted: 29 Jul 2010 17:36
by valca
So here is the result... at least I hope so

Antivirus Version Last update Result
AhnLab-V3 2010.07.28.04 2010.07.28 -
AntiVir 8.2.4.26 2010.07.28 -
Antiy-AVL 2.0.3.7 2010.07.28 -
Authentium 5.2.0.5 2010.07.28 -
Avast 4.8.1351.0 2010.07.28 -
Avast5 5.0.332.0 2010.07.28 -
AVG 9.0.0.851 2010.07.27 -
BitDefender 7.2 2010.07.28 -
CAT-QuickHeal 11.00 2010.07.28 -
ClamAV 0.96.0.3-git 2010.07.28 -
Comodo 5566 2010.07.28 -
DrWeb 5.0.2.03300 2010.07.28 -
Emsisoft 5.0.0.34 2010.07.28 -
eSafe 7.0.17.0 2010.07.27 -
eTrust-Vet 36.1.7743 2010.07.27 -
F-Prot 4.6.1.107 2010.07.28 -
F-Secure 9.0.15370.0 2010.07.28 -
Fortinet 4.1.143.0 2010.07.28 -
GData 21 2010.07.28 -
Ikarus T3.1.1.84.0 2010.07.28 -
Jiangmin 13.0.900 2010.07.28 Trojan/Agent.dwsp
Kaspersky 7.0.0.125 2010.07.27 -
McAfee 5.400.0.1158 2010.07.28 -
McAfee-GW-Edition 2010.1 2010.07.28 -
Microsoft 1.6004 2010.07.28 -
NOD32 5319 2010.07.28 -
Norman 6.05.11 2010.07.28 -
nProtect 2010-07-28.02 2010.07.28 -
Panda 10.0.2.7 2010.07.27 -
PCTools 7.0.3.5 2010.07.28 -
Prevx 3.0 2010.07.28 -
Rising 22.58.02.04 2010.07.28 -
Sophos 4.55.0 2010.07.28 NirCmd
Sunbelt 6653 2010.07.28 -
SUPERAntiSpyware 4.40.0.1006 2010.07.28 -
Symantec 20101.1.1.7 2010.07.28 -
TheHacker 6.5.2.1.326 2010.07.27 -
TrendMicro 9.120.0.1004 2010.07.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.28 -
VBA32 3.12.12.6 2010.07.27 Trojan.Win32.Agent2.cpop
ViRobot 2010.7.23.3956 2010.07.28 Trojan.Win32.Agent.33280.BY
VirusBuster 5.0.27.0 2010.07.28 -
Additional information
File size: 31232 bytes
MD5 : ae72e8619cb31d84da25e2435e55003c
SHA1 : 2ed893a9aa82da248b5f4344819fcf6ad2d28240
SHA256: eccf9f7bb602e25cf9383be7856318c1fa679c0c4a354966b0ed723da17e8d24
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x12AF0
timedatestamp.....: 0x49EC5532 (Mon Apr 20 12:57:54 2009)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xB000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xC000 0x7000 0x6E00 7.88 61ac5157516e5e2e687d300707ddf5df
.rsrc 0x13000 0x1000 0x800 3.30 c926c07c18604758648052e6fadc348c

( 8 imports )

> advapi32.dll: RegCloseKey
> gdi32.dll: BitBlt
> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> msvcrt.dll: exit
> ole32.dll: CoInitialize
> shell32.dll: ShellExecuteA
> user32.dll: GetDC
> winmm.dll: mixerOpen

( 0 exports )
TrID : File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
ThreatExpert: http://www.threatexpert.com/report.aspx ... 435e55003c
ssdeep: 768:8HfV0Q+ubR8EM/hIY/5UPkLVScwoUT+hhe88Znxbtk2:I+FCRFMyYVVScFUTYw86nRtJ
sigcheck: publisher....: NirSoft
copyright....: Copyright (c) 2003 - 2009 Nir Sofer
product......: NirCmd
description..: NirCmd
original name: NirCmd.exe
internal name: NirCmd
file version.: 2.35
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Prevx Info: http://info.prevx.com/aboutprogramtext. ... 0091A6F065
PEiD : -
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
CWSandbox: http://research.sunbelt-software.com/pa ... 435e55003c
RDS : NSRL Reference Data Set
-

Re: Virus in the computer malware.Win 32

Posted: 29 Jul 2010 18:25
by Rudy
OK. All the world-class antiviruses are silent; only the second-rate ones are speaking up. I think the file is fine.

Re: Virus in the computer malware.Win 32

Posted: 29 Jul 2010 18:34
by valca
OK, thank you, but I don't know what to do next... Windows security keeps reporting malware and it is still lit red...

Re: Virus in the computer malware.Win 32

Posted: 29 Jul 2010 18:36
by Rudy

Re: Virus in the computer malware.Win 32

Posted: 29 Jul 2010 22:34
by valca
result:


Autoscan: completed 4 minutes ago (events: 2, objects: 587826, time: 02:50:23)
29.7.2010 20:38:25 Task started
29.7.2010 23:28:48 Task completed

Re: Virus in the computer malware.Win 32

Posted: 30 Jul 2010 02:06
by valca
I really don't know anymore, the computer still reports a virus... a red shield on Windows

Re: Virus in the computer malware.Win 32

Posted: 30 Jul 2010 08:05
by Rudy
In which file is the malware located?

Re: Virus in the computer malware.Win 32

Posted: 30 Jul 2010 11:51
by valca
I'm probably completely lost, but I can't find which directory it is in

Re: Virus in the computer malware.Win 32

Posted: 30 Jul 2010 12:31
by Rudy
valca wrote: I'm probably completely lost, but I can't find which directory it is in
I did not find anything anywhere. If something is hiding somewhere, I need to know what it is and know the path to the file. Only then can I remove it.