VIRY.CZ

prosim o kontrolu logu

rozliseni obr je stale 640x 480 pix, farb. 4 bity a nejde nastavit, pc je pomaly, vydava chyb. hlasenia, ze spusteny prog bude ukonceny, spustte ako administrator - aj ked ja som administraror a spustam ako admin.

MBAM je negativ
spybot je negativ

Dakujem

Logfile of random's system information tool 1.08 (written by random/random)
Run by europe at 2010-12-10 08:36:36
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 16 GB (11%) free of 146 GB
Total RAM: 2046 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:37:21, on 10. 12. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\europe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\europe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\europe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\europe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\europe\Downloads\RSIT (1).exe
C:\Program Files\Trend Micro\HijackThis\europe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bing.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C3718A6-DD75-4B1A-B628-36FC48575DCC}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11387 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003UA.job
C:\Windows\tasks\User_Feed_Synchronization-{31DCA4EB-CAB0-4CED-A8DA-AFE4AA220AB7}.job
C:\Windows\tasks\User_Feed_Synchronization-{3C6F9F0F-B0CC-4309-9516-7E4D078D0473}.job
C:\Windows\tasks\User_Feed_Synchronization-{78F5F398-0C2F-4584-8E4C-DE0DC4FBE144}.job
C:\Windows\tasks\User_Feed_Synchronization-{DBCCA46E-DC2D-4EC9-8D73-B2464A42AE53}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-10-14 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-09-22 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-23 297648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-10-23 843832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22 612616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
VeriSoft Access Manager - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll [2006-11-21 71192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-03-23 158520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll [2010-09-22 612616]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-10-23 297648]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-27 1721640]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2215064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-04-13 47392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe [2006-10-26 258560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
c:\Program Files\HP\HP UT\bin\hppusg.exe [2007-05-04 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\Windows\KHALMNPR.EXE [2007-06-12 56080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-08-20 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-09-22 4240760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
C:\Users\europe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2009-01-08 70936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
C:\Program Files\inKline Global\PC Booster\pcbooster.exe [2007-11-30 14450688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2009-03-10 468264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-17 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-10-14 202256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2007-03-29 719664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
C:\Program Files\HP\Temp\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}\setup\hpzstub.exe -run C:\Program Files\HP\Temp\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}\setup\hpzrcv01.exe -f ..\autorun.inf -recover []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2007-07-26 768528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^europe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\wpdshserviceobj.dll [2009-10-01 87552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-12-10 08:18:51 ----D---- C:\Program Files\Lavalys
2010-12-09 22:47:27 ----ASH---- C:\hiberfil.sys
2010-12-09 12:29:01 ----D---- C:\Windows\temp
2010-12-09 12:15:27 ----A---- C:\Windows\SWSC.exe
2010-12-09 12:15:27 ----A---- C:\Windows\SWREG.exe
2010-12-09 12:15:27 ----A---- C:\Windows\sed.exe
2010-12-09 12:15:27 ----A---- C:\Windows\PEV.exe
2010-12-09 12:15:27 ----A---- C:\Windows\NIRCMD.exe
2010-12-09 12:15:27 ----A---- C:\Windows\MBR.exe
2010-12-09 12:15:27 ----A---- C:\Windows\grep.exe
2010-12-09 12:15:14 ----D---- C:\ComboFix
2010-12-09 12:14:40 ----A---- C:\Windows\SWXCACLS.exe
2010-12-09 07:11:29 ----D---- C:\Malwarebytes
2010-12-09 07:01:39 ----D---- C:\%APPDATA%
2010-12-03 17:08:04 ----D---- C:\BEST_OF_MEGAHITS_VOL_23
2010-11-25 12:18:33 ----D---- C:\Program Files\Sanmaxi Sim Card Data Recovery

======List of files/folders modified in the last 1 months======

2010-12-10 08:36:54 ----D---- C:\Windows\Prefetch
2010-12-10 08:18:51 ----D---- C:\Program Files
2010-12-10 06:47:11 ----SHD---- C:\System Volume Information
2010-12-09 23:10:56 ----SHD---- C:\Windows\Installer
2010-12-09 23:06:45 ----D---- C:\Windows\System32
2010-12-09 23:06:42 ----D---- C:\Windows\inf
2010-12-09 23:06:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-09 23:05:10 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-12-09 23:01:16 ----D---- C:\Windows\system32\catroot2
2010-12-09 22:58:08 ----D---- C:\Windows\system32\config
2010-12-09 22:57:55 ----D---- C:\Windows
2010-12-09 22:57:41 ----D---- C:\Windows\Tasks
2010-12-09 22:57:41 ----D---- C:\Windows\system32\Tasks
2010-12-09 22:57:41 ----D---- C:\Windows\system32\spool
2010-12-09 22:57:41 ----D---- C:\Windows\system32\Msdtc
2010-12-09 22:57:41 ----D---- C:\Windows\system32\drivers\etc
2010-12-09 22:57:41 ----D---- C:\Windows\system32\drivers
2010-12-09 22:57:41 ----D---- C:\Windows\system32\CodeIntegrity
2010-12-09 22:57:41 ----D---- C:\Windows\pss
2010-12-09 22:57:38 ----D---- C:\Users\europe\AppData\Roaming\vlc
2010-12-09 22:57:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-09 22:57:36 ----D---- C:\Windows\system32\wbem
2010-12-09 22:57:36 ----D---- C:\Qoobox
2010-12-09 22:57:35 ----D---- C:\Windows\registration
2010-12-09 22:55:44 ----SHD---- C:\$RECYCLE.BIN
2010-12-09 12:26:11 ----D---- C:\Windows\AppPatch
2010-12-09 12:26:11 ----D---- C:\Program Files\Common Files
2010-12-09 01:48:52 ----D---- C:\Windows\system32\LogFiles
2010-12-04 18:30:54 ----D---- C:\Program Files\ICQ6.5
2010-12-03 17:07:19 ----D---- C:\ProgramData\DVD Shrink
2010-12-01 22:35:12 ----D---- C:\Users\europe\AppData\Roaming\Skype
2010-12-01 16:49:53 ----D---- C:\Users\europe\AppData\Roaming\skypePM
2010-11-24 13:34:30 ----D---- C:\Windows\winsxs
2010-11-24 13:34:30 ----D---- C:\Program Files\Internet Explorer
2010-11-24 09:58:40 ----D---- C:\Windows\system32\catroot
2010-11-20 00:32:23 ----D---- C:\Windows\Debug
2010-11-19 23:57:53 ----D---- C:\ProgramData\Yahoo! Companion
2010-11-11 01:32:31 ----D---- C:\ProgramData\Microsoft Help
2010-11-11 01:31:44 ----D---- C:\Program Files\Windows Mail
2010-11-11 01:23:56 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-04-10 44944]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R2 Aspi32;Aspi32; C:\Windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-19 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R2 RMCAST;Ovladač protokolu RMCAST (Pgm); C:\Windows\system32\DRIVERS\RMCAST.sys [2009-04-11 113664]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-28 140424]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-12-19 1331192]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-04-18 79664]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-04-18 81200]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-18 16432]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 Dvd43;Dvd43; C:\Windows\System32\DRIVERS\Dvd43.sys [2010-10-15 35296]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-07 1059112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-09 7140800]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 12032]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 245936]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696]
S3 Avc;Zařízení AVC; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-12-19 1331192]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 catchme;catchme; \??\C:\Users\europe\AppData\Local\Temp\catchme.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-06-25 163328]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-06-12 35216]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-06-12 36496]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2007-06-12 28688]
S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\Windows\system32\DRIVERS\MSIRCOMM.sys [2008-01-19 24064]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\Windows\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\se45obex.sys [2006-11-30 86432]
S3 sonypvs1;Sony Digital Imaging Video2; C:\Windows\system32\DRIVERS\sonypvs1.sys [2006-10-30 102220]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\Windows\system32\DRIVERS\irstusb.sys [2008-01-19 30208]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASBroker;Logon Session Broker; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Local Communication Channel; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe [2007-07-26 121360]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-10-03 219752]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2009-01-12 292216]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2009-01-12 116080]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 33584]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-17 182768]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
S4 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S4 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

toto je skor posahany system, ako virovy problem
skus bud obnovu systemu k datumu, ked bolo vsetko OK, alebo preinstalovat ovladac ku graf. karte

Este nefunguje spustenie systemu. Vzdy pri starte sa spusti oprava spustania systemu. Vcera som odstranil tieto virusy: Disabled.cryptsvc, Win32.Autorun.tmp, Microsoft windows security center_disabled.
Neviem, ci boli teda uspesne odstranene, lebo pc nefunguje spravne.
Obnova systemu nejde a ked sa pozeram cez tlacitko start, tak nie je k dispozicii ani hybernacia ani rezim spanku, ako to bolo predtym.

Mate nejaky navrh ako na to? dakujem

vidim to na opravnu instalaciu Windows

co to znamena?
nerad by som prisiel o nainstalovane programy. Nie je mozna ina cesta?
Diky

skusil som combofix

spustanie systemu je uz v poriadku

stale je tu problem ako na zaciatku s rozlisenim obrazovky 640x480 pix, 4 bity. rezim spanku a hybernace nefunkcne,
pri pokuse aktualizovat ovl. ku graf. karte - neuspesne

v spravcovi zariadeni, graficky adapter, nvidia gforce 8400M GS, v stave zariadenia je napisane: zar. bolo zastavene, pretoze oznamilo potize kod 43

co s tym?

tu je log z cfix(pri catchme vyhlasil chyb.hlas, ze neprebehol uspesne, inak ok):

ComboFix 10-12-09.04 - europe . 12. 2010 0:32.18.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.2046.1226 [GMT 1:00]
Running from: c:\users\europe\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
.
---- Previous Run -------
.
c:\program files\ICQ6.5\updates\ICQLRun.exe.f9cb5bbb98c818d0e6c63e8613a6d549
c:\windows\system32\AutoRun.inf

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\ntfs.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_monitor


((((((((((((((((((((((((( Files Created from 2010-11-10 to 2010-12-10 )))))))))))))))))))))))))))))))
.

2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\users\Kika\AppData\Local\temp
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\users\Family\AppData\Local\temp
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\users\Dušan\AppData\Local\temp
2010-12-10 23:49 . 2010-12-10 23:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-10 07:49 . 2010-12-10 07:49 -------- d-----w- c:\program files\SysJewel
2010-12-10 07:18 . 2010-12-10 07:18 -------- d-----w- c:\program files\Lavalys
2010-12-09 11:29 . 2010-12-10 23:54 -------- d-----w- c:\users\europe\AppData\Local\temp
2010-12-09 06:11 . 2010-12-09 06:11 -------- d-----w- C:\Malwarebytes
2010-12-09 06:01 . 2010-12-09 06:01 -------- d-----w- C:\%APPDATA%
2010-12-03 16:08 . 2010-12-03 16:08 -------- d-----w- C:\BEST_OF_MEGAHITS_VOL_23
2010-11-25 11:18 . 2010-11-25 11:18 -------- d-----w- c:\program files\Sanmaxi Sim Card Data Recovery
2010-11-24 11:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-17 12:19 . 2010-11-17 12:19 -------- d-----w- c:\users\europe\AppData\Local\Yahoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-15 13:37 . 2010-10-08 23:36 35296 ----a-w- c:\windows\system32\drivers\Dvd43.sys
2010-10-15 10:43 . 2010-10-15 10:43 388096 ----a-r- c:\users\europe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 11:41 . 2010-10-17 17:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{360F2EB1-399C-4F7C-9AEC-3119C05E5A8C}\mpengine.dll
2010-10-14 11:41 . 2010-10-15 12:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-07 15:40 . 2010-10-07 15:40 203776 ----a-w- c:\windows\system32\clrviddc.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-22 22:21 . 2010-10-21 23:26 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-13 13:56 . 2010-10-13 16:08 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-13 00:04 . 2010-09-13 00:04 77824 ----a-w- C:\FaceControl.8bf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

c:\users\Duçan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orez vaź obrazovky a spŁçśaź programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
backup=c:\windows\pss\hpzrcv01.LNK.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^europe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
path=c:\users\europe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk
backup=c:\windows\pss\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 00:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
2006-10-26 13:58 258560 ----a-w- c:\progra~1\DVDREG~1\DVDRegionFree.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-04 11:14 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 14:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-06-12 12:03 56080 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 11:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 09:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 22:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 02:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\users\europe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
2007-11-30 16:16 14450688 ----a-w- c:\program files\inKline Global\PC Booster\PCBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-03-10 19:19 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-16 23:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 00:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-10-14 15:44 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R4 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S3 Dvd43;Dvd43;c:\windows\system32\DRIVERS\Dvd43.sys [2010-10-15 35296]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]

2010-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]

2010-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003Core.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]

2010-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003UA.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]

2010-12-10 c:\windows\Tasks\User_Feed_Synchronization-{31DCA4EB-CAB0-4CED-A8DA-AFE4AA220AB7}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]

2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{3C6F9F0F-B0CC-4309-9516-7E4D078D0473}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]

2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{78F5F398-0C2F-4584-8E4C-DE0DC4FBE144}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]

2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{DBCCA46E-DC2D-4EC9-8D73-B2464A42AE53}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bing.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: {4C3718A6-DD75-4B1A-B628-36FC48575DCC} = 192.168.2.1
FF - ProfilePath - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\europe\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 00:56
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000fb

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4416)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\windows\system32\BTNCopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2010-12-11 01:07:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-11 00:06
ComboFix2.txt 2010-11-05 21:14
ComboFix3.txt 2010-10-19 18:37
ComboFix4.txt 2010-10-14 21:26
ComboFix5.txt 2010-12-09 11:15

Pre-Run: Volných bajtů: 16 790 872 064
Post-Run: Volných bajtů: 16 612 323 328

- - End Of File - - C277B561DF095CB24ABC1950862485AC

Ešte tam musí byť infekcia. Dnes pri štarte sa samovoľne spustila služba oprava spúšťania systému. Myslel som - a tak to včera vyzeralo, že si s tým combofix poradil...čo mi ďalej odporučíte? Ďakujem

odstran ovladac ku graf.karte - restart a nanovo ho nainstaluj
+
preventivne prescanuj PC s MBAM

vyskusal som odinstal, restart a potom sa samovolne zacal instalovat ovl. ku graf. karte. nepomohlo to, je to take iste.

tych ovl. s rovnakym ozn ale s inym datumom tam mam viac. mal by som ich vsetky odstranit? ako na to?

tu je posledny scan cfix

ComboFix 10-12-09.04 - europe . 12. 2010 16:04:34.19.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.2046.1092 [GMT 1:00]
Running from: c:\users\europe\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\europe\Documents\cc_20101211_013034.reg

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\ntfs.sys

.
((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\users\Kika\AppData\Local\temp
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\users\Family\AppData\Local\temp
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\users\Dušan\AppData\Local\temp
2010-12-11 15:22 . 2010-12-11 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-10 07:49 . 2010-12-10 07:49 -------- d-----w- c:\program files\SysJewel
2010-12-10 07:18 . 2010-12-10 07:18 -------- d-----w- c:\program files\Lavalys
2010-12-09 11:29 . 2010-12-11 15:26 -------- d-----w- c:\users\europe\AppData\Local\temp
2010-12-09 06:11 . 2010-12-09 06:11 -------- d-----w- C:\Malwarebytes
2010-12-09 06:01 . 2010-12-09 06:01 -------- d-----w- C:\%APPDATA%
2010-12-03 16:08 . 2010-12-03 16:08 -------- d-----w- C:\BEST_OF_MEGAHITS_VOL_23
2010-11-25 11:18 . 2010-11-25 11:18 -------- d-----w- c:\program files\Sanmaxi Sim Card Data Recovery
2010-11-24 11:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-17 12:19 . 2010-11-17 12:19 -------- d-----w- c:\users\europe\AppData\Local\Yahoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-15 13:37 . 2010-10-08 23:36 35296 ----a-w- c:\windows\system32\drivers\Dvd43.sys
2010-10-15 10:43 . 2010-10-15 10:43 388096 ----a-r- c:\users\europe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 11:41 . 2010-10-17 17:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{360F2EB1-399C-4F7C-9AEC-3119C05E5A8C}\mpengine.dll
2010-10-14 11:41 . 2010-10-15 12:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-07 15:40 . 2010-10-07 15:40 203776 ----a-w- c:\windows\system32\clrviddc.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-22 22:21 . 2010-10-21 23:26 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-13 13:56 . 2010-10-13 16:08 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-13 00:04 . 2010-09-13 00:04 77824 ----a-w- C:\FaceControl.8bf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

c:\users\Duçan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orez vaź obrazovky a spŁçśaź programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
backup=c:\windows\pss\hpzrcv01.LNK.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^europe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
path=c:\users\europe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk
backup=c:\windows\pss\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 00:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
2006-10-26 13:58 258560 ----a-w- c:\progra~1\DVDREG~1\DVDRegionFree.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-04 11:14 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 14:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-06-12 12:03 56080 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 11:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 09:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 22:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 02:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\users\europe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
2007-11-30 16:16 14450688 ----a-w- c:\program files\inKline Global\PC Booster\PCBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-03-10 19:19 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-16 23:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 00:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-10-14 15:44 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R4 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S3 Dvd43;Dvd43;c:\windows\system32\DRIVERS\Dvd43.sys [2010-10-15 35296]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003Core.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003UA.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]

2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{31DCA4EB-CAB0-4CED-A8DA-AFE4AA220AB7}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]

2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{3C6F9F0F-B0CC-4309-9516-7E4D078D0473}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]

2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{78F5F398-0C2F-4584-8E4C-DE0DC4FBE144}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]

2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{DBCCA46E-DC2D-4EC9-8D73-B2464A42AE53}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bing.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: {4C3718A6-DD75-4B1A-B628-36FC48575DCC} = 192.168.2.1
FF - ProfilePath - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\europe\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 16:26
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000fb

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4100)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\windows\system32\BTNCopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-12-11 16:38:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-11 15:38
ComboFix2.txt 2010-12-11 00:07
ComboFix3.txt 2010-11-05 21:14
ComboFix4.txt 2010-10-19 18:37
ComboFix5.txt 2010-12-11 15:02

Pre-Run: Volných bajtů: 15 903 981 568
Post-Run: Volných bajtů: 15 737 753 600

- - End Of File - - 5D184342C939F1C641D7689DCDCAF6C3

Omlouvám se za vstup, píši na výslovnou žádost návštěvníka. Infikovaný soubor ntfs.sys byl nahrazen čistým ze zálohy. Zbytek logu vypadá OK. Nastala nějaká změna?

pri pokusech o opravu ovladace grafiky:

- nelze nacist software ovladace
- graficke adaptery ge force 8400M GS stav zarizeni: zarizeni bylo zastaveno protoze oznamilo potize (kod 43)
-------------------------------------------
rozliseni neni mozne nastavit na jinou moznost

novy log z cfix - zase neco nasel

diky

ComboFix 10-12-09.04 - europe . 12. 2010 12:20:37.19.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.2046.1346 [GMT 1:00]
Running from: c:\users\europe\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\europe\Documents\cc_20101211_013034.reg

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy6_!Windows!System32!userinit.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
.

2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\users\Kika\AppData\Local\temp
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\users\Family\AppData\Local\temp
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\users\Dušan\AppData\Local\temp
2010-12-12 11:38 . 2010-12-12 11:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-12 11:00 . 2009-10-03 04:02 584296 ----a-w- c:\windows\system32\nvuninst.exe
2010-12-10 07:49 . 2010-12-10 07:49 -------- d-----w- c:\program files\SysJewel
2010-12-10 07:18 . 2010-12-10 07:18 -------- d-----w- c:\program files\Lavalys
2010-12-09 11:29 . 2010-12-12 11:41 -------- d-----w- c:\users\europe\AppData\Local\temp
2010-12-09 06:11 . 2010-12-09 06:11 -------- d-----w- C:\Malwarebytes
2010-12-09 06:01 . 2010-12-09 06:01 -------- d-----w- C:\%APPDATA%
2010-12-03 16:08 . 2010-12-03 16:08 -------- d-----w- C:\BEST_OF_MEGAHITS_VOL_23
2010-11-25 11:18 . 2010-11-25 11:18 -------- d-----w- c:\program files\Sanmaxi Sim Card Data Recovery
2010-11-24 11:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-17 12:19 . 2010-11-17 12:19 -------- d-----w- c:\users\europe\AppData\Local\Yahoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-15 13:37 . 2010-10-08 23:36 35296 ----a-w- c:\windows\system32\drivers\Dvd43.sys
2010-10-15 10:43 . 2010-10-15 10:43 388096 ----a-r- c:\users\europe\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 11:41 . 2010-10-17 17:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{360F2EB1-399C-4F7C-9AEC-3119C05E5A8C}\mpengine.dll
2010-10-14 11:41 . 2010-10-15 12:52 6084944 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-07 15:40 . 2010-10-07 15:40 203776 ----a-w- c:\windows\system32\clrviddc.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-22 22:21 . 2010-10-21 23:26 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-13 13:56 . 2010-10-13 16:08 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

c:\users\Duçan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Orez vaź obrazovky a spŁçśaź programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpzrcv01.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpzrcv01.LNK
backup=c:\windows\pss\hpzrcv01.LNK.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^europe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
path=c:\users\europe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk
backup=c:\windows\pss\Orezávač obrazovky a spúšťač programu OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 00:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
2006-10-26 13:58 258560 ----a-w- c:\progra~1\DVDREG~1\DVDRegionFree.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-04 11:14 36864 ----a-w- c:\program files\HP\HP UT\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 14:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-06-12 12:03 56080 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 11:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 09:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-09-22 22:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 02:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\users\europe\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
2007-11-30 16:16 14450688 ----a-w- c:\program files\inKline Global\PC Booster\PCBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 09:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2009-03-10 19:19 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-16 23:19 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 00:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-10-14 15:44 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R4 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S3 Dvd43;Dvd43;c:\windows\system32\DRIVERS\Dvd43.sys [2010-10-15 35296]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:34]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003Core.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]

2010-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796638298-2559362022-2688697916-1003UA.job
- c:\users\europe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-14 13:47]

2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{31DCA4EB-CAB0-4CED-A8DA-AFE4AA220AB7}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]

2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{3C6F9F0F-B0CC-4309-9516-7E4D078D0473}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]

2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{78F5F398-0C2F-4584-8E4C-DE0DC4FBE144}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]

2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{DBCCA46E-DC2D-4EC9-8D73-B2464A42AE53}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bing.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
TCP: {4C3718A6-DD75-4B1A-B628-36FC48575DCC} = 192.168.2.1
FF - ProfilePath - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\europe\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\europe\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\europe\AppData\Roaming\Mozilla\Firefox\Profiles\oi3fstqa.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 12:49
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,85,9c,67,03,8c,6f,40,bb,84,fa,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000fb

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4796)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\windows\system32\BTNCopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
c:\windows\system32\WLANExt.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-12-12 12:53:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-12 11:53
ComboFix2.txt 2010-12-11 15:38
ComboFix3.txt 2010-12-11 00:07
ComboFix4.txt 2010-11-05 21:14
ComboFix5.txt 2010-12-12 11:18

Pre-Run: Volných bajtů: 15 521 611 776
Post-Run: Volných bajtů: 15 360 307 200

- - End Of File - - 97CDB885AACBA9B4A4F8BF31D8C7D33A

Našel další infikovaný soubor, který nahradil. Jak pravil pan kolega, vidím to rovněž na poškozený systém. Možná tam budou i viry. Zkuste udělat sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dát log.

Diky Rudy za pomoc, je to pre mna nova skusenost. Bol som v koncoch a
myslel som, ze to zachrani len preinstalacia windows a vsetkych programov.

Kaspersky virus removal tool je VITAZ!!!

Stav pred kaspersky scan:
Pc hlasil chybu spustania sys, automaticky spustal opravu spustania,
hlasil problemy s grafikou a mal nastavene len minimalne rozlisenie bez moznosti upravit to.

MBAM, Spybot, IObitSec 360, AS care hlasili 0 infekcii! (vsetky boli aktualizovane)
cfix odstranil 2 infekcie a oznamil uspesne vycistenie.

Pc znovu hlasil chybu spustania sys, automaticky spustal opravu spustania,
hlasil problemy s grafikou a mal nastavene len minimalne rozlisenie bez moznosti upravit to

Kaspersky log:

Automatická kontrola: zastaveno před 17 hod. (události: 2, objekty: 40349, čas: 00:16:52)
12. 12. 2010 23:25:27 Úloha byla spuštěna
12. 12. 2010 23:42:19 Úloha byla zastavena
Automatická kontrola: dokončeno před 12 min. (události: 14, objekty: 509234, čas: 00:00:09)
12. 12. 2010 23:42:24 Úloha byla spuštěna
13. 12. 2010 1:37:07 Zjištěno: Trojan-Downloader.Win32.Banload.ayds C:\Documents and Settings\Downloads\pareto logic reg cure\ParetoLogic RegCure 3.0.2.0 Final Portable.rar/ParetoLogic RegCure 3.0.2.0 Final Portable/RegCure.exe
13. 12. 2010 5:09:59 Odstraněno: Trojan-Downloader.Win32.Banload.ayds C:\Documents and Settings\Downloads\pareto logic reg cure\ParetoLogic RegCure 3.0.2.0 Final Portable.rar
13. 12. 2010 5:10:19 Zjištěno: Trojan-GameThief.Win32.Lmir.pgf C:\Documents and Settings\Downloads\sim rec\simrecovery.exe/data0000
13. 12. 2010 5:10:19 Zjištěno: Trojan-GameThief.Win32.Lmir.pgf C:\Documents and Settings\Downloads\sim rec\simrecovery.zip/simrecovery.exe/data0000
13. 12. 2010 5:11:33 Odstraněno: Trojan-GameThief.Win32.Lmir.pgf C:\Documents and Settings\Downloads\sim rec\simrecovery.zip/simrecovery.exe
13. 12. 2010 5:11:33 Odstraněno: Trojan-GameThief.Win32.Lmir.pgf C:\Documents and Settings\Downloads\sim rec\simrecovery.exe
13. 12. 2010 5:34:04 Úloha byla zastavena
13. 12. 2010 15:51:17 Úloha byla spuštěna
13. 12. 2010 16:39:39 Zjištěno: Trojan-GameThief.Win32.Lmir.pgf C:\Program Files\Sanmaxi Sim Card Data Recovery\SimRecoverer.exe
13. 12. 2010 16:43:07 Úloha byla zastavena
13. 12. 2010 17:27:37 Úloha byla spuštěna
13. 12. 2010 17:27:46 Úloha byla dokončena
Dezinfikovat aktivní hrozby: dokončeno před 34 min. (události: 4, objekty: 6501, čas: 00:22:28)
13. 12. 2010 16:43:07 Úloha byla spuštěna
13. 12. 2010 16:43:15 Zjištěno: Trojan-GameThief.Win32.Lmir.pgf C:\Program Files\Sanmaxi Sim Card Data Recovery\SimRecoverer.exe
13. 12. 2010 16:43:42 Odstraněno: Trojan-GameThief.Win32.Lmir.pgf C:\Program Files\Sanmaxi Sim Card Data Recovery\SimRecoverer.exe
13. 12. 2010 17:05:36 Úloha byla dokončena
Automatická kontrola: dokončeno před 1 min. (události: 4, objekty: 3522, čas: 00:06:48)
13. 12. 2010 17:28:00 Úloha byla spuštěna
13. 12. 2010 17:28:18 Úloha byla zastavena
------------------------------------------------------------------------------------

Po ukonceni kaspersky scanu sa pc automaticky restartoval, nabehol system bez zavad a funguje doteraz.
Este som urobil niekolko testov, pc funguje ok.
D I K Y

Rudy, este mam 2 otazky:
Pri analyze pricin zavirenia ma napadaju dve veci.
Pred nedavnom som presiel z Panda security 2009 na ESET smart security 4 (reg vers) (4.2.64.12.)
Napriek opakovanej preinstalacii esetu, mi jeho scanner asi nefunguje spravne a asi ani firewall nie je spolahlivy.
Scan prebehne na nejakych 60% a zastavi sa na nejakom subore napr.: Prog.files/java/jr6lib/rtjar alebo subore z hp a dalej nepokracuje.
V podrobnych vypisoch je potom toto:
C:\Program Files\Java\jre6\lib\rt.jar » ZIP » com/sun/servicetag/Util.class - dekompresia neprebehla,
preverte, či je dostatok pamäte a voľného miesta na disku. (pamat mam 2G a na disku okolo 7G volneho miesta)
Je mozna oprava alebo zmena nastaveni eset, pripadne mi odporucate prejst na avast?

Asi pred 2 tyzdnami mi kamarat ponukol subor Ppt z USB kluca. Pri preberani som neskontroloval usb kluc na pritomnost virusov.
Ako postupovat teraz, aby uz pri vlozeni toho usb kluca (ktory je mozno infikovany) do pc neprislo k infekcii, este pred moznou jeho kontrolou?

Dakujem

1. Soubor C:\Program Files\Java\jre6\lib\rt.jar můžete online zkontrolovat na www.virustotal.com . Také je možné, že je soubor poškozen.
2. To, zda je USB FlashDisk zavirován, těžko poznáte na první pohled. Je třeba provést kontrolu antivirem. Pokud je zavirován, obvykle pomůže FlashDisinfector: http://www.myantispyware.com/2009/01/08 ... oval-tool/ .