VIRY.CZ

Logfile of random's system information tool 1.09 (written by random/random)
Run by leebusha at 2012-07-21 12:19:18
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 106 GB (36%) free of 295 GB
Total RAM: 3069 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:33, on 21. 7. 2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Windows\System32\WTMKM.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\QOMO\Flow!Works\driver\DigitalPenServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\leebusha\Downloads\RSIT(1).exe
C:\Program Files\trend micro\leebusha.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [ExpressFiles] "C:\Program Files\ExpressFiles\ExpressFiles.exe" -tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [4Sync] "C:\Program Files\4Sync\4Sync.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Flow!Works Server.lnk = C:\Program Files\QOMO\Flow!Works\driver\DigitalPenServer.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - (no file)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - (no file)
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - (no file)
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6E43A2-54A1-443C-8BEC-082B0455662F}: NameServer = 192.168.1.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe

--
End of file - 11853 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\leebusha\AppData\Roaming\Mozilla\Firefox\Profiles\i8mp6ohp.default

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.265 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
flashplayer.xpt
nsILegitCheckPlugin.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
exeImagine.IMD
np-mswmp.dll
np32dsw.dll
npdeployJava1.dll
npImagine.dll
npLegitCheckPlugin.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
NPSqueak.dll
QuickTimePlugin.class
ShockwavePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
babylon.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
yahoo.xml
zoznam-sk.xml

C:\Users\leebusha\AppData\Roaming\Mozilla\Firefox\Profiles\i8mp6ohp.default\extensions\
{c45c406e-ab73-11d8-be73-000a95be3b12}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-04 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-04 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-10-11 163840]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-02-28 442433]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-11-17 3810304]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2008-01-14 132392]
"Dell Webcam Central"=C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [2008-02-19 438403]
"MacrokeyManager"=C:\Windows\system32\WTMKM.exe [2009-04-22 3161760]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2006-11-29 90112]
"ExpressFiles"=C:\Program Files\ExpressFiles\ExpressFiles.exe [2012-01-21 424056]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-22 107112]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-11-28 134808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2012-04-20 247728]
"4Sync"=C:\Program Files\4Sync\4Sync.exe [2012-05-29 10821664]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-06-07 17425072]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Flow!Works Server.lnk - C:\Program Files\QOMO\Flow!Works\driver\DigitalPenServer.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

C:\Users\leebusha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"vidc.XVID"=xvidvfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.avis"=ff_acm.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"msacm.msaudio1"=msaud32.acm

======List of files/folders created in the last 1 month======

2012-07-06 10:44:37 ----D---- C:\Program Files\RelevantKnowledge
2012-07-06 10:44:12 ----D---- C:\Users\leebusha\AppData\Roaming\FLAC to MP3 Converter
2012-07-06 10:43:41 ----D---- C:\Program Files\FLAC to MP3 Converter
2012-07-05 18:34:11 ----D---- C:\Program Files\Broadcom
2012-07-05 18:30:56 ----D---- C:\Program Files\Cisco
2012-07-05 18:24:10 ----A---- C:\Windows\system32\bcmwlrc.dll
2012-07-05 18:24:09 ----A---- C:\Windows\system32\Uninst_EAPModules.bat
2012-07-05 18:24:09 ----A---- C:\Windows\system32\drivers\bcm42rly.sys
2012-07-05 18:24:03 ----A---- C:\Windows\system32\bcmwlu00.exe
2012-07-05 18:24:02 ----A---- C:\Windows\system32\bcmttls.dll
2012-07-05 18:24:01 ----A---- C:\Windows\system32\bcmwlrmt.dll
2012-07-05 18:24:00 ----A---- C:\Windows\system32\wltrynt.dll
2012-07-05 18:23:57 ----A---- C:\Windows\system32\WLTRAY.EXE
2012-07-05 18:23:55 ----A---- C:\Windows\system32\WLTRYSVC.EXE
2012-07-05 18:23:55 ----A---- C:\Windows\system32\BCMWLTRY.EXE
2012-07-05 18:23:54 ----A---- C:\Windows\system32\bcmwlapi.dll

======List of files/folders modified in the last 1 month======

2012-07-21 12:19:29 ----D---- C:\Program Files\trend micro
2012-07-21 12:19:13 ----D---- C:\Windows\Temp
2012-07-21 12:06:02 ----D---- C:\Users\leebusha\AppData\Roaming\Skype
2012-07-21 09:57:29 ----A---- C:\Windows\win.ini
2012-07-20 15:30:51 ----D---- C:\Users\leebusha\AppData\Roaming\ExpressFiles
2012-07-20 11:24:44 ----D---- C:\Users\leebusha\AppData\Roaming\4Sync
2012-07-20 07:49:28 ----D---- C:\Windows\Prefetch
2012-07-16 18:18:04 ----SHD---- C:\Windows\Installer
2012-07-16 18:13:04 ----RD---- C:\Program Files
2012-07-16 18:13:00 ----D---- C:\Windows\Tasks
2012-07-15 23:02:16 ----D---- C:\Windows\System32
2012-07-15 23:02:12 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-07-07 00:22:53 ----D---- C:\Windows
2012-07-06 16:27:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-07-06 16:27:37 ----D---- C:\Windows\inf
2012-07-06 10:26:50 ----D---- C:\Users\leebusha\AppData\Roaming\BitLord
2012-07-06 10:22:09 ----A---- C:\Users\leebusha\AppData\Roaming\bitlord_log.txt
2012-07-05 18:59:57 ----SHD---- C:\System Volume Information
2012-07-05 18:45:51 ----D---- C:\Users\leebusha\AppData\Roaming\vlc
2012-07-05 18:32:22 ----D---- C:\Windows\system32\Tasks
2012-07-05 18:24:27 ----D---- C:\Windows\Help
2012-07-05 18:24:23 ----D---- C:\Windows\system32\tr-TR
2012-07-05 18:24:22 ----D---- C:\Windows\system32\th-TH
2012-07-05 18:24:22 ----D---- C:\Windows\system32\sv-SE
2012-07-05 18:24:21 ----D---- C:\Windows\system32\sl-SI
2012-07-05 18:24:20 ----D---- C:\Windows\system32\sk-SK
2012-07-05 18:24:20 ----D---- C:\Windows\system32\ru-RU
2012-07-05 18:24:19 ----D---- C:\Windows\system32\ro-RO
2012-07-05 18:24:18 ----D---- C:\Windows\system32\pl-PL
2012-07-05 18:24:18 ----D---- C:\Windows\system32\no-NO
2012-07-05 18:24:18 ----D---- C:\Windows\system32\nl-NL
2012-07-05 18:24:17 ----D---- C:\Windows\system32\lv-LV
2012-07-05 18:24:17 ----D---- C:\Windows\system32\lt-LT
2012-07-05 18:24:16 ----D---- C:\Windows\system32\ko-KR
2012-07-05 18:24:16 ----D---- C:\Windows\system32\ja-JP
2012-07-05 18:24:15 ----D---- C:\Windows\system32\it-IT
2012-07-05 18:24:15 ----D---- C:\Windows\system32\hu-HU
2012-07-05 18:24:14 ----D---- C:\Windows\system32\hr-HR
2012-07-05 18:24:14 ----D---- C:\Windows\system32\fr-FR
2012-07-05 18:24:13 ----D---- C:\Windows\system32\fi-FI
2012-07-05 18:24:13 ----D---- C:\Windows\system32\et-EE
2012-07-05 18:24:12 ----D---- C:\Windows\system32\en-US
2012-07-05 18:24:12 ----D---- C:\Windows\system32\el-GR
2012-07-05 18:24:12 ----D---- C:\Windows\system32\de-DE
2012-07-05 18:24:11 ----D---- C:\Windows\system32\da-DK
2012-07-05 18:24:11 ----D---- C:\Windows\system32\cs-CZ
2012-07-05 18:24:10 ----D---- C:\Windows\system32\drivers
2012-07-05 18:24:10 ----D---- C:\Windows\system32\bg-BG
2012-07-05 18:24:09 ----D---- C:\Windows\system32\vs08
2012-07-04 20:19:49 ----D---- C:\Users\leebusha\AppData\Roaming\Vso
2012-07-04 20:19:49 ----D---- C:\Users\leebusha\AppData\Roaming\DAEMON Tools Lite
2012-07-04 20:01:30 ----RD---- C:\Users
2012-06-26 08:44:44 ----D---- C:\ProgramData\Skype
2012-06-22 10:43:38 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-09-19 691696]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2012-05-16 376480]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2009-02-10 82320]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2006-11-22 247144]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2006-11-22 25448]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2006-10-26 185744]
R1 wifimanio;Advanced WiFi-Manager NDIS Protocol Driver; C:\Windows\system32\DRIVERS\wifimanio.sys [2011-04-06 22016]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-12-12 164400]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-26 3520512]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-11-17 18424]
R3 BCM43XX;Ovládač karty Dell bezdrôtovej WLAN; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-11-17 1331192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-16 106656]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 hhusb5;HHUsb5 - Kernel Driver 01/01/2010, 0.0.0.1; C:\Windows\system32\DRIVERS\hhusb5.sys [2010-01-13 30264]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-03-11 203264]
R3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys [2009-03-08 6144]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120720.002\NAVENG.SYS [2012-05-16 87928]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120720.002\NAVEX15.SYS [2012-05-16 1589752]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-09-19 47360]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-02-28 374784]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2012-04-22 109744]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2006-10-26 26384]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2009-12-12 25984]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys [2009-04-16 6144]
S3 avi124n5;avi124n5; C:\Windows\system32\drivers\avi124n5.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-01-21 219648]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-01-21 29184]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-01-29 81960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-01-29 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-01-29 17448]
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2008-01-21 10752]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2006-11-22 274328]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2008-01-21 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe [2008-02-13 73728]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-02-25 655360]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-06-05 518696]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-11-28 30872]
R2 RelevantKnowledge;RelevantKnowledge; C:\Program Files\RelevantKnowledge\rlservice.exe [2012-02-23 111632]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe [2008-02-28 221239]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-11-28 1962136]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2012-04-20 92592]
R2 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2010-02-13 685816]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-11-17 26112]
R2 WTService;WTService; C:\Windows\system32\atwtusb.exe [2009-04-22 392864]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-12 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 250056]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-12 135664]
S3 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-10-31 2541248]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2009-12-12 36352]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]

-----------------EOF-----------------

uz mia ja zvuk vypada a neustale mi mrzne flash adobe, nusim restartovat

Zdravim
Mas tam zopar smejdov.
Vloz sem log z Combofixu
http://www.bleepingcomputer.com/combofi ... t-combofix

ComboFix 12-07-21.01 - leebusha . 07. 2012 13:56:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3069.1180 [GMT 2:00]
Running from: c:\users\leebusha\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\ncncf.dat
c:\program files\RelevantKnowledge\nscf.dat
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\users\leebusha\AppData\Roaming\.#
c:\users\leebusha\AppData\Roaming\inst.exe
c:\users\leebusha\AppData\Roaming\vso_ts_preview.xml
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 12:15 . 2012-07-22 12:23 -------- d-----w- c:\users\leebusha\AppData\Local\temp
2012-07-22 12:15 . 2012-07-22 12:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 08:44 . 2012-07-06 08:44 -------- d-----w- c:\users\leebusha\AppData\Roaming\FLAC to MP3 Converter
2012-07-06 08:43 . 2012-07-06 08:43 -------- d-----w- c:\program files\FLAC to MP3 Converter
2012-07-05 16:34 . 2012-07-05 16:34 -------- d-----w- c:\program files\Broadcom
2012-07-05 16:30 . 2012-07-05 16:31 -------- d-----w- c:\program files\Cisco
2012-07-05 16:24 . 2008-11-17 05:29 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-07-05 16:24 . 2008-11-17 05:29 1591 ----a-w- c:\windows\system32\Uninst_EAPModules.bat
2012-07-05 16:24 . 2008-11-17 05:29 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2012-07-05 16:24 . 2008-11-17 05:29 311296 ----a-w- c:\windows\system32\bcmwlu00.exe
2012-07-05 16:24 . 2008-11-17 05:29 4485120 ----a-w- c:\windows\system32\bcmttls.dll
2012-07-05 16:24 . 2008-11-17 05:29 54784 ----a-w- c:\windows\system32\bcmwlrmt.dll
2012-07-05 16:24 . 2008-11-17 05:29 51712 ----a-w- c:\windows\system32\wltrynt.dll
2012-07-05 16:23 . 2008-11-17 05:29 7216640 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2012-07-05 16:23 . 2008-11-17 05:29 3810304 ----a-w- c:\windows\system32\WLTRAY.EXE
2012-07-05 16:23 . 2008-11-17 05:29 26112 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2012-07-05 16:23 . 2008-11-17 05:29 2809856 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2012-07-05 16:23 . 2008-11-17 05:29 153088 ----a-w- c:\windows\system32\bcmwlapi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 21:02 . 2012-04-04 19:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-15 21:02 . 2011-06-01 09:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-19 14:21 . 2012-05-19 14:21 286720 ------w- c:\windows\Setup1.exe
2012-05-19 14:21 . 2012-05-19 14:21 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-06-18 15:09 . 2011-05-05 20:15 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay1]
@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"
[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]
2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay2]
@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"
[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]
2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay3]
@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"
[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]
2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay4]
@="{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}"
[HKEY_CLASSES_ROOT\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}]
2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-04-20 247728]
"4Sync"="c:\program files\4Sync\4Sync.exe" [2012-05-29 10821664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-07 17425072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-11 163840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-02-27 442433]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"MacrokeyManager"="WTMKM.exe" [2009-04-22 3161760]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]
"ExpressFiles"="c:\program files\ExpressFiles\ExpressFiles.exe" [2012-01-21 424056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
.
c:\users\leebusha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
Flow!Works Server.lnk - c:\program files\QOMO\Flow!Works\driver\DigitalPenServer.exe [2010-3-18 368640]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-3-3 1207376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:02]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-12 17:46]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-12 17:46]
.
.
------- Supplementary Scan -------
.
uStart Page =
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9E6E43A2-54A1-443C-8BEC-082B0455662F}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\leebusha\AppData\Roaming\Mozilla\Firefox\Profiles\i8mp6ohp.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 8682c49400000000000000ffc1f2e70d
FF - user.js: extensions.BabylonToolbar_i.hardId - 8682c49400000000000000ffc1f2e70d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15360
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:09
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
AddRemove-2D & 3D Animator - c:\program files\2D and 3D Animator\PY_UNINSTAL.EXE SOFTWARE\PySoft\AD_DESIGNER
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 14:21
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
.
[HKEY_USERS\S-1-5-21-313082877-3447099027-1256016339-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2412)
c:\program files\4Sync\ShellExt.dll
c:\windows\system32\btncopy.dll
c:\program files\4Sync\ShellCp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\Tunngle\TnglCtrl.exe
c:\windows\system32\atwtusb.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-07-22 14:31:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-22 12:31
.
Pre-Run: 110 742 757 376 bytes free
Post-Run: 110 510 772 224 bytes free
.
- - End Of File - - 86DCA1F4EA203188A7440A6DF77FED12

Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do nehocelý tex: Potom klik na Subor -> Uložiť ako.. .-> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *]všetky súbory
A ulož ho na plochu> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :


Po skonceni skenu vlož log

chcem sa opytat ci je v poriadku ze ked ten textovy blog pretiahnem na to combofix tak mi to znovu spusta cely proces scenovanie od Stage A...atd az po restart a opatovne vyhiodenie Loga z combo Fix

Ano je to v poriadku.

Logfile of random's system information tool 1.09 (written by random/random)
Run by leebusha at 2012-07-22 18:36:14
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 106 GB (36%) free of 295 GB
Total RAM: 3069 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:36:41, on 22. 7. 2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Users\leebusha\Downloads\RSIT(1).exe
C:\Program Files\trend micro\leebusha.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [ExpressFiles] "C:\Program Files\ExpressFiles\ExpressFiles.exe" -tray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [4Sync] "C:\Program Files\4Sync\4Sync.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Flow!Works Server.lnk = C:\Program Files\QOMO\Flow!Works\driver\DigitalPenServer.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - (no file)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - (no file)
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - (no file)
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6E43A2-54A1-443C-8BEC-082B0455662F}: NameServer = 192.168.1.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe

--
End of file - 9775 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\leebusha\AppData\Roaming\Mozilla\Firefox\Profiles\i8mp6ohp.default

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.265 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
flashplayer.xpt
nsILegitCheckPlugin.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
exeImagine.IMD
np-mswmp.dll
np32dsw.dll
npdeployJava1.dll
npImagine.dll
npLegitCheckPlugin.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
NPSqueak.dll
QuickTimePlugin.class
ShockwavePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
babylon.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
yahoo.xml
zoznam-sk.xml

C:\Users\leebusha\AppData\Roaming\Mozilla\Firefox\Profiles\i8mp6ohp.default\extensions\
{c45c406e-ab73-11d8-be73-000a95be3b12}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-04 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-04 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-10-11 163840]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-02-28 442433]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-11-17 3810304]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2008-01-14 132392]
"Dell Webcam Central"=C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [2008-02-19 438403]
"MacrokeyManager"=C:\Windows\system32\WTMKM.exe [2009-04-22 3161760]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2006-11-29 90112]
"ExpressFiles"=C:\Program Files\ExpressFiles\ExpressFiles.exe [2012-01-21 424056]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-22 107112]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-11-28 134808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2012-04-20 247728]
"4Sync"=C:\Program Files\4Sync\4Sync.exe [2012-05-29 10821664]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-06-07 17425072]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Flow!Works Server.lnk - C:\Program Files\QOMO\Flow!Works\driver\DigitalPenServer.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

C:\Users\leebusha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll
"vidc.XVID"=xvidvfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.avis"=ff_acm.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"msacm.msaudio1"=msaud32.acm

======List of files/folders created in the last 1 month======

2012-07-22 17:55:20 ----SD---- C:\ComboFix
2012-07-22 17:52:47 ----SD---- C:\32788R22FWJFW
2012-07-22 16:48:09 ----D---- C:\Windows\temp
2012-07-22 16:46:30 ----SHD---- C:\$RECYCLE.BIN
2012-07-22 13:52:04 ----A---- C:\Windows\NIRCMD.exe
2012-07-22 13:52:04 ----A---- C:\Windows\MBR.exe
2012-07-22 13:52:03 ----A---- C:\Windows\SWREG.exe
2012-07-22 13:52:03 ----A---- C:\Windows\PEV.exe
2012-07-22 13:52:02 ----A---- C:\Windows\zip.exe
2012-07-22 13:52:02 ----A---- C:\Windows\SWSC.exe
2012-07-22 13:52:02 ----A---- C:\Windows\sed.exe
2012-07-22 13:52:02 ----A---- C:\Windows\grep.exe
2012-07-22 13:51:27 ----D---- C:\Qoobox
2012-07-22 13:50:43 ----D---- C:\Windows\erdnt
2012-07-06 10:44:12 ----D---- C:\Users\leebusha\AppData\Roaming\FLAC to MP3 Converter
2012-07-06 10:43:41 ----D---- C:\Program Files\FLAC to MP3 Converter
2012-07-05 18:34:11 ----D---- C:\Program Files\Broadcom
2012-07-05 18:30:56 ----D---- C:\Program Files\Cisco
2012-07-05 18:24:10 ----A---- C:\Windows\system32\bcmwlrc.dll
2012-07-05 18:24:09 ----A---- C:\Windows\system32\Uninst_EAPModules.bat
2012-07-05 18:24:09 ----A---- C:\Windows\system32\drivers\bcm42rly.sys
2012-07-05 18:24:03 ----A---- C:\Windows\system32\bcmwlu00.exe
2012-07-05 18:24:02 ----A---- C:\Windows\system32\bcmttls.dll
2012-07-05 18:24:01 ----A---- C:\Windows\system32\bcmwlrmt.dll
2012-07-05 18:24:00 ----A---- C:\Windows\system32\wltrynt.dll
2012-07-05 18:23:57 ----A---- C:\Windows\system32\WLTRAY.EXE
2012-07-05 18:23:55 ----A---- C:\Windows\system32\WLTRYSVC.EXE
2012-07-05 18:23:55 ----A---- C:\Windows\system32\BCMWLTRY.EXE
2012-07-05 18:23:54 ----A---- C:\Windows\system32\bcmwlapi.dll

======List of files/folders modified in the last 1 month======

2012-07-22 18:36:20 ----D---- C:\Program Files\trend micro
2012-07-22 16:48:12 ----D---- C:\Windows\system32\drivers
2012-07-22 16:48:09 ----D---- C:\Windows
2012-07-22 16:42:02 ----A---- C:\Windows\system.ini
2012-07-22 16:41:29 ----D---- C:\Windows\system32\drivers\etc
2012-07-22 16:31:42 ----A---- C:\Windows\win.ini
2012-07-22 16:18:19 ----D---- C:\Windows\System32
2012-07-22 16:18:19 ----D---- C:\Windows\AppPatch
2012-07-22 16:18:15 ----D---- C:\Program Files\Common Files
2012-07-22 16:08:05 ----D---- C:\Users\leebusha\AppData\Roaming\Skype
2012-07-22 14:13:38 ----RD---- C:\Program Files
2012-07-20 15:30:51 ----D---- C:\Users\leebusha\AppData\Roaming\ExpressFiles
2012-07-20 11:24:44 ----D---- C:\Users\leebusha\AppData\Roaming\4Sync
2012-07-20 07:49:28 ----D---- C:\Windows\Prefetch
2012-07-16 18:18:04 ----SHD---- C:\Windows\Installer
2012-07-16 18:13:00 ----D---- C:\Windows\Tasks
2012-07-15 23:02:12 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-07-06 16:27:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-07-06 16:27:37 ----D---- C:\Windows\inf
2012-07-06 10:26:50 ----D---- C:\Users\leebusha\AppData\Roaming\BitLord
2012-07-06 10:22:09 ----A---- C:\Users\leebusha\AppData\Roaming\bitlord_log.txt
2012-07-05 18:59:57 ----SHD---- C:\System Volume Information
2012-07-05 18:45:51 ----D---- C:\Users\leebusha\AppData\Roaming\vlc
2012-07-05 18:32:22 ----D---- C:\Windows\system32\Tasks
2012-07-05 18:24:27 ----D---- C:\Windows\Help
2012-07-05 18:24:23 ----D---- C:\Windows\system32\tr-TR
2012-07-05 18:24:22 ----D---- C:\Windows\system32\th-TH
2012-07-05 18:24:22 ----D---- C:\Windows\system32\sv-SE
2012-07-05 18:24:21 ----D---- C:\Windows\system32\sl-SI
2012-07-05 18:24:20 ----D---- C:\Windows\system32\sk-SK
2012-07-05 18:24:20 ----D---- C:\Windows\system32\ru-RU
2012-07-05 18:24:19 ----D---- C:\Windows\system32\ro-RO
2012-07-05 18:24:18 ----D---- C:\Windows\system32\pl-PL
2012-07-05 18:24:18 ----D---- C:\Windows\system32\no-NO
2012-07-05 18:24:18 ----D---- C:\Windows\system32\nl-NL
2012-07-05 18:24:17 ----D---- C:\Windows\system32\lv-LV
2012-07-05 18:24:17 ----D---- C:\Windows\system32\lt-LT
2012-07-05 18:24:16 ----D---- C:\Windows\system32\ko-KR
2012-07-05 18:24:16 ----D---- C:\Windows\system32\ja-JP
2012-07-05 18:24:15 ----D---- C:\Windows\system32\it-IT
2012-07-05 18:24:15 ----D---- C:\Windows\system32\hu-HU
2012-07-05 18:24:14 ----D---- C:\Windows\system32\hr-HR
2012-07-05 18:24:14 ----D---- C:\Windows\system32\fr-FR
2012-07-05 18:24:13 ----D---- C:\Windows\system32\fi-FI
2012-07-05 18:24:13 ----D---- C:\Windows\system32\et-EE
2012-07-05 18:24:12 ----D---- C:\Windows\system32\en-US
2012-07-05 18:24:12 ----D---- C:\Windows\system32\el-GR
2012-07-05 18:24:12 ----D---- C:\Windows\system32\de-DE
2012-07-05 18:24:11 ----D---- C:\Windows\system32\da-DK
2012-07-05 18:24:11 ----D---- C:\Windows\system32\cs-CZ
2012-07-05 18:24:10 ----D---- C:\Windows\system32\bg-BG
2012-07-05 18:24:09 ----D---- C:\Windows\system32\vs08
2012-07-04 20:19:49 ----D---- C:\Users\leebusha\AppData\Roaming\Vso
2012-07-04 20:19:49 ----D---- C:\Users\leebusha\AppData\Roaming\DAEMON Tools Lite
2012-07-04 20:01:30 ----RD---- C:\Users
2012-06-26 08:44:44 ----D---- C:\ProgramData\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-09-19 691696]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2012-05-16 376480]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2009-02-10 82320]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2006-11-22 247144]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2006-11-22 25448]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2006-10-26 185744]
R1 wifimanio;Advanced WiFi-Manager NDIS Protocol Driver; C:\Windows\system32\DRIVERS\wifimanio.sys [2011-04-06 22016]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-12-12 164400]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-26 3520512]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-11-17 18424]
R3 BCM43XX;Ovládač karty Dell bezdrôtovej WLAN; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-11-17 1331192]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-16 106656]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 hhusb5;HHUsb5 - Kernel Driver 01/01/2010, 0.0.0.1; C:\Windows\system32\DRIVERS\hhusb5.sys [2010-01-13 30264]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-03-11 203264]
R3 moufiltr;Tablet Mouse Filter Driver; C:\Windows\system32\DRIVERS\moufiltr.sys [2009-03-08 6144]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120720.002\NAVENG.SYS [2012-05-16 87928]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120720.002\NAVEX15.SYS [2012-05-16 1589752]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-09-19 47360]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-02-28 374784]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2012-04-22 109744]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2009-12-12 25984]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 vhidmini;Generic Virtual HID Driver; C:\Windows\system32\DRIVERS\walvhid.sys [2009-04-16 6144]
S3 aw95g36d;aw95g36d; C:\Windows\system32\drivers\aw95g36d.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-01-21 219648]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-01-21 29184]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-01-29 81960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-01-29 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-01-29 17448]
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2008-01-21 10752]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 mbr;mbr; \??\C:\Users\leebusha\AppData\Local\Temp\mbr.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2006-11-22 274328]
S3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2006-10-26 26384]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2008-01-21 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe [2008-02-13 73728]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-02-25 655360]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-06-05 518696]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-11-28 30872]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe [2008-02-28 221239]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-11-28 1962136]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2012-04-20 92592]
R2 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2010-02-13 685816]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-11-17 26112]
R2 WTService;WTService; C:\Windows\system32\atwtusb.exe [2009-04-22 392864]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-12 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 250056]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-12 135664]
S3 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-10-31 2541248]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2009-12-12 36352]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]

-----------------EOF-----------------

To co tu davas RSIT?? potrebujem log co ti dal combofix.

ComboFix 12-07-21.01 - leebusha . 07. 2012 16:09:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3069.1870 [GMT 2:00]
Running from: c:\users\leebusha\Desktop\ComboFix.exe
Command switches used :: c:\users\leebusha\Desktop\CFScript.txt.TXT
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 14:27 . 2012-07-22 14:42 -------- d-----w- c:\users\leebusha\AppData\Local\temp
2012-07-22 14:27 . 2012-07-22 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 08:44 . 2012-07-06 08:44 -------- d-----w- c:\users\leebusha\AppData\Roaming\FLAC to MP3 Converter
2012-07-06 08:43 . 2012-07-06 08:43 -------- d-----w- c:\program files\FLAC to MP3 Converter
2012-07-05 16:34 . 2012-07-05 16:34 -------- d-----w- c:\program files\Broadcom
2012-07-05 16:30 . 2012-07-05 16:31 -------- d-----w- c:\program files\Cisco
2012-07-05 16:24 . 2008-11-17 05:29 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-07-05 16:24 . 2008-11-17 05:29 1591 ----a-w- c:\windows\system32\Uninst_EAPModules.bat
2012-07-05 16:24 . 2008-11-17 05:29 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2012-07-05 16:24 . 2008-11-17 05:29 311296 ----a-w- c:\windows\system32\bcmwlu00.exe
2012-07-05 16:24 . 2008-11-17 05:29 4485120 ----a-w- c:\windows\system32\bcmttls.dll
2012-07-05 16:24 . 2008-11-17 05:29 54784 ----a-w- c:\windows\system32\bcmwlrmt.dll
2012-07-05 16:24 . 2008-11-17 05:29 51712 ----a-w- c:\windows\system32\wltrynt.dll
2012-07-05 16:23 . 2008-11-17 05:29 7216640 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2012-07-05 16:23 . 2008-11-17 05:29 3810304 ----a-w- c:\windows\system32\WLTRAY.EXE
2012-07-05 16:23 . 2008-11-17 05:29 26112 ----a-w- c:\windows\system32\WLTRYSVC.EXE
2012-07-05 16:23 . 2008-11-17 05:29 2809856 ----a-w- c:\windows\system32\BCMWLTRY.EXE
2012-07-05 16:23 . 2008-11-17 05:29 153088 ----a-w- c:\windows\system32\bcmwlapi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 21:02 . 2012-04-04 19:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-15 21:02 . 2011-06-01 09:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-19 14:21 . 2012-05-19 14:21 286720 ------w- c:\windows\Setup1.exe
2012-05-19 14:21 . 2012-05-19 14:21 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-06-18 15:09 . 2011-05-05 20:15 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay1]
@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"
[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]
2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay2]
@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"
[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]
2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay3]
@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"
[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]
2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay4]
@="{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}"
[HKEY_CLASSES_ROOT\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}]
2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-04-20 247728]
"4Sync"="c:\program files\4Sync\4Sync.exe" [2012-05-29 10821664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-07 17425072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-11 163840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-02-27 442433]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"MacrokeyManager"="WTMKM.exe" [2009-04-22 3161760]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]
"ExpressFiles"="c:\program files\ExpressFiles\ExpressFiles.exe" [2012-01-21 424056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
.
c:\users\leebusha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-15 384512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
Flow!Works Server.lnk - c:\program files\QOMO\Flow!Works\driver\DigitalPenServer.exe [2010-3-18 368640]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-3-3 1207376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:02]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-12 17:46]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-12 17:46]
.
.
------- Supplementary Scan -------
.
uStart Page =
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9E6E43A2-54A1-443C-8BEC-082B0455662F}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\leebusha\AppData\Roaming\Mozilla\Firefox\Profiles\i8mp6ohp.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 16:41
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1852)
c:\program files\4Sync\ShellExt.dll
c:\windows\system32\btncopy.dll
c:\program files\4Sync\ShellCp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\Tunngle\TnglCtrl.exe
c:\windows\system32\atwtusb.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2012-07-22 16:48:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-22 14:48
ComboFix2.txt 2012-07-22 12:31
.
Pre-Run: 111 078 014 976 bytes free
Post-Run: 111 007 412 224 bytes free
.
- - End Of File - - 561CA4F720A4F9670ADC3564A3F05FB4

1,Odinstaluj combofix
Premenuj ikonu combofixu na uninstall
a spust.

2,Podla tohto navodu od kolegu vyoska, vycisti CCleanerom

Stahnete Ccleaner
http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

3,Stiahneme OTL exe na plochu a spustime.
http://oldtimer.geekstogo.com/OTL.exe
Nastavenie necháme tak ako je, dole do okna vložte tento skript. A kliknete na gombík OPRAVIŤ.
log vloz sem, a napis ako je na tom pc.

v tom otl mam soustit run scan ano? lebo je tam aj run fix.

A kliknete na gombík OPRAVIŤ.=run fix.

All processes killed
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: leebusha
->Temp folder emptied: 8801128 bytes
->Temporary Internet Files folder emptied: 587230 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66312789 bytes
->Flash cache emptied: 681 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 552569 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 73,00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07222012_204658

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

pocitac zatial v pohode, nestrakuje.