VIRY.CZ

Vďaka

Logfile of random's system information tool 1.06 (written by random/random)
Run by G-Style at 2010-03-15 22:22:17
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 35 GB (25%) free of 144 GB
Total RAM: 2046 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:44, on 15. 3. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\G-Style\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\G-Style\Desktop\RSIT.exe
C:\Program Files\trend micro\G-Style.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\G-Style\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Program Files\Nokia\NNPCS\RunLauncher.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Prevziať cez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Prevziať cez IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Prevziať obsah FLV cez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Plánovač automatické aktualizace LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 11360 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1982227316-3750647242-2940710794-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1982227316-3750647242-2940710794-1000UA.job
C:\Windows\tasks\Norton Internet Security - Prověřit tento počítač - G-Style.job
C:\Windows\tasks\User_Feed_Synchronization-{9B4E73A3-966B-4A33-AC9B-6ED0733D777B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2008-09-12 153008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2009-03-31 357744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2009-04-03 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2009-03-31 357744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-17 634880]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-09 4702208]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-10-24 178712]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-12-19 468264]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-08-16 218408]
"DpAgent"=C:\Program Files\DigitalPersona\Bin\dpagent.exe [2007-09-20 671744]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-01-30 13605408]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-01-30 92704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-04-13 2387968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2008-09-16 932272]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-11-08 4608]
"ISUSPM"=C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-03-29 222128]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Google Update"=C:\Users\G-Style\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-31 135664]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Nokia Nseries PC Suite.lnk - C:\Program Files\Nokia\NNPCS\RunLauncher.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22b17cf9-c8b8-11de-a99a-00218639b558}]
shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{237010ea-3e80-11de-8ca2-00218639b558}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\zipsetup.exe /H

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36d6f992-17f2-11de-bb89-00218639b558}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e9400a7-0110-11de-8f30-00218639b558}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e9400c2-0110-11de-8f30-00218639b558}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c730f0e-b285-11de-8251-00218639b558}]
shell\AutoRun\command - H:\seamlessKeyLauncher.exe

======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2010-03-15 22:07:17 ----D---- C:\Windows\system32\eu-ES
2010-03-15 22:07:17 ----D---- C:\Windows\system32\ca-ES
2010-03-15 22:07:07 ----D---- C:\Windows\system32\vi-VN
2010-03-15 20:46:53 ----D---- C:\Windows\system32\EventProviders
2010-03-15 20:25:44 ----D---- C:\rsit
2010-03-14 03:54:41 ----D---- C:\Program Files\Rockstar Games
2010-03-11 03:01:10 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-11 03:00:59 ----A---- C:\Windows\system32\httpapi.dll
2010-03-09 03:01:08 ----A---- C:\Windows\system32\browserchoice.exe
2010-02-24 06:17:56 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 06:17:13 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 06:17:13 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 06:17:12 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 06:17:12 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 06:17:11 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 06:17:11 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 06:17:11 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 06:17:10 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 06:17:10 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-17 23:47:03 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-16 23:30:54 ----A---- C:\Windows\DelDir.EXE

======List of files/folders modified in the last 1 months======

2010-03-15 22:22:42 ----RSD---- C:\Windows\assembly
2010-03-15 22:22:38 ----D---- C:\Windows\Temp
2010-03-15 22:22:24 ----D---- C:\Program Files\trend micro
2010-03-15 22:21:34 ----D---- C:\Users\G-Style\AppData\Roaming\DMCache
2010-03-15 22:20:23 ----D---- C:\ProgramData\NVIDIA
2010-03-15 22:19:09 ----D---- C:\Windows\Microsoft.NET
2010-03-15 22:18:42 ----D---- C:\Windows
2010-03-15 22:18:38 ----SHD---- C:\boot
2010-03-15 22:18:35 ----D---- C:\Windows\system32\catroot
2010-03-15 22:17:25 ----D---- C:\Windows\inf
2010-03-15 22:10:30 ----D---- C:\Program Files\Windows Mail
2010-03-15 22:10:30 ----D---- C:\Program Files\Windows Calendar
2010-03-15 22:10:30 ----D---- C:\Program Files\Movie Maker
2010-03-15 22:10:28 ----D---- C:\Program Files\Windows Sidebar
2010-03-15 22:10:28 ----D---- C:\Program Files\Windows Media Player
2010-03-15 22:10:28 ----D---- C:\Program Files\Internet Explorer
2010-03-15 22:10:27 ----D---- C:\Program Files\Windows Journal
2010-03-15 22:10:27 ----D---- C:\Program Files\Windows Collaboration
2010-03-15 22:10:24 ----D---- C:\Program Files\Windows Photo Gallery
2010-03-15 22:10:24 ----D---- C:\Program Files\Common Files\System
2010-03-15 22:10:16 ----D---- C:\Windows\servicing
2010-03-15 22:10:16 ----D---- C:\Program Files\Windows Defender
2010-03-15 22:10:15 ----D---- C:\Windows\ehome
2010-03-15 22:09:46 ----D---- C:\Windows\system32\XPSViewer
2010-03-15 22:09:46 ----D---- C:\Windows\system32\lv-LV
2010-03-15 22:09:46 ----D---- C:\Windows\IME
2010-03-15 22:09:45 ----D---- C:\Windows\system32\sk-SK
2010-03-15 22:09:45 ----D---- C:\Windows\system32\ko-KR
2010-03-15 22:09:45 ----D---- C:\Windows\system32\it-IT
2010-03-15 22:09:45 ----D---- C:\Windows\system32\hr-HR
2010-03-15 22:09:45 ----D---- C:\Windows\system32\et-EE
2010-03-15 22:09:45 ----D---- C:\Windows\system32\en-US
2010-03-15 22:09:45 ----D---- C:\Windows\system32\el-GR
2010-03-15 22:09:45 ----D---- C:\Windows\system32\de-DE
2010-03-15 22:09:45 ----D---- C:\Windows\system32\da-DK
2010-03-15 22:09:44 ----D---- C:\Windows\system32\oobe
2010-03-15 22:09:44 ----D---- C:\Windows\system32\migration
2010-03-15 22:09:38 ----D---- C:\Windows\system32\sv-SE
2010-03-15 22:09:38 ----D---- C:\Windows\system32\setup
2010-03-15 22:09:38 ----D---- C:\Windows\system32\ru-RU
2010-03-15 22:09:38 ----D---- C:\Windows\system32\he-IL
2010-03-15 22:09:38 ----D---- C:\Windows\system32\fr-FR
2010-03-15 22:09:38 ----D---- C:\Windows\system32\fi-FI
2010-03-15 22:09:38 ----D---- C:\Windows\system32\cs
2010-03-15 22:09:38 ----D---- C:\Windows\system32\AdvancedInstallers
2010-03-15 22:09:34 ----D---- C:\Windows\system32\cs-CZ
2010-03-15 22:09:28 ----D---- C:\Windows\system32\SLUI
2010-03-15 22:09:28 ----D---- C:\Windows\system32\pt-PT
2010-03-15 22:09:28 ----D---- C:\Windows\system32\hu-HU
2010-03-15 22:09:25 ----D---- C:\Windows\system32\zh-CN
2010-03-15 22:09:24 ----D---- C:\Windows\system32\zh-TW
2010-03-15 22:09:24 ----D---- C:\Windows\system32\uk-UA
2010-03-15 22:09:24 ----D---- C:\Windows\system32\sr-Latn-CS
2010-03-15 22:09:24 ----D---- C:\Windows\system32\sl-SI
2010-03-15 22:09:24 ----D---- C:\Windows\system32\pl-PL
2010-03-15 22:09:24 ----D---- C:\Windows\system32\manifeststore
2010-03-15 22:09:24 ----D---- C:\Windows\system32\ja-JP
2010-03-15 22:09:24 ----D---- C:\Windows\system32\es-ES
2010-03-15 22:09:24 ----D---- C:\Windows\system32\bg-BG
2010-03-15 22:09:23 ----D---- C:\Windows\system32\th-TH
2010-03-15 22:09:23 ----D---- C:\Windows\system32\ro-RO
2010-03-15 22:09:22 ----D---- C:\Windows\system32\drivers
2010-03-15 22:09:21 ----D---- C:\Windows\system32\tr-TR
2010-03-15 22:09:20 ----D---- C:\Windows\system32\wbem
2010-03-15 22:09:17 ----D---- C:\Windows\system32\nl-NL
2010-03-15 22:09:17 ----D---- C:\Windows\system32\nb-NO
2010-03-15 22:09:17 ----D---- C:\Windows\system32\lt-LT
2010-03-15 22:09:17 ----D---- C:\Windows\system32\ar-SA
2010-03-15 22:09:16 ----D---- C:\Windows\system32\migwiz
2010-03-15 22:09:15 ----D---- C:\Windows\system32\pt-BR
2010-03-15 22:09:15 ----D---- C:\Windows\System32
2010-03-15 22:07:42 ----RSD---- C:\Windows\Fonts
2010-03-15 22:07:37 ----D---- C:\Windows\AppPatch
2010-03-15 22:07:07 ----D---- C:\Windows\system32\Boot
2010-03-15 21:13:36 ----D---- C:\Windows\system32\RTCOM
2010-03-15 21:00:58 ----D---- C:\Windows\winsxs
2010-03-15 20:49:23 ----SHD---- C:\System Volume Information
2010-03-15 20:40:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-15 20:20:30 ----D---- C:\Users\G-Style\AppData\Roaming\dvdcss
2010-03-15 01:26:17 ----D---- C:\Windows\system32\catroot2
2010-03-14 04:10:56 ----D---- C:\Windows\Prefetch
2010-03-14 03:54:41 ----RD---- C:\Program Files
2010-03-14 03:54:41 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-06 01:40:32 ----SHD---- C:\Windows\Installer
2010-03-05 13:16:02 ----D---- C:\ProgramData\CanonIJPLM
2010-03-02 06:30:12 ----A---- C:\Windows\system32\mrt.exe
2010-02-25 03:37:42 ----D---- C:\Windows\rescache
2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-27 371248]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20100312.001\IDSvix86.sys [2009-11-20 286768]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2009-03-17 447024]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-02-19 24112]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2009-02-19 184496]
R2 CO_Mon;CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [2007-08-08 36056]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-08 1044472]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-09 1970712]
R3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100315.003\NAVENG.SYS [2010-02-03 84912]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100315.003\NAVEX15.SYS [2010-02-03 1324720]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-01-30 7544832]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 98816]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-01-17 983936]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2009-02-19 13616]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-04-03 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2009-02-19 96560]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2009-02-19 22320]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 a5gjbua5;a5gjbua5; C:\Windows\system32\drivers\a5gjbua5.sys []
S3 aet5t7k5;aet5t7k5; C:\Windows\system32\drivers\aet5t7k5.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-08 1044472]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 16168]
S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2009-02-21 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2009-02-21 24616]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-05-26 101376]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\Windows\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\Windows\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\Windows\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Plánovač automatické aktualizace LiveUpdate; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 DpHost;Biometric Authentication Service; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2007-09-20 299008]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2006-05-02 135168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-10-24 358936]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-04-13 73728]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-01-30 203296]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-05-01 75064]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 271760]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 112016]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2008-02-20 354816]
S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2009-04-03 1245064]
S3 usnjsvc;Služba Čtení deníku USN sdílených složek programu Messenger; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

Zdravím

Na logu se pracuje, prosím o strpení.

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
Vložte do PC všechny flash disky, které používáte.
Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
Během skenování může být počítač restartován.

za oneskorenie sa chcem ospravedlniť

ComboFix 10-03-18.02 - G-Style . 03. 2010 19:31:55.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.2046.1314 [GMT 1:00]
Running from: c:\users\G-Style\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1982227316-3750647242-2940710794-500
c:\$recycle.bin\S-1-5-21-3415585931-1712789493-3323697632-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\system32\Connect.dll
c:\windows\system32\oem4.inf

.
((((((((((((((((((((((((( Files Created from 2010-02-25 to 2010-03-25 )))))))))))))))))))))))))))))))
.

2010-03-25 18:43 . 2010-03-25 18:44 -------- d-----w- c:\users\G-Style\AppData\Local\temp
2010-03-25 18:43 . 2010-03-25 18:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-25 12:42 . 2010-02-03 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100324.037\NAVENG.SYS
2010-03-25 12:42 . 2010-02-03 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100324.037\NAVEX15.SYS
2010-03-25 12:42 . 2009-09-22 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100324.037\ECMSVR32.DLL
2010-03-25 12:42 . 2009-08-27 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100324.037\EECTRL.SYS
2010-03-25 12:42 . 2009-08-27 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100324.037\NAVENG32.DLL
2010-03-25 12:42 . 2009-08-27 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100324.037\NAVEX32A.DLL
2010-03-25 12:42 . 2009-08-27 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100324.037\ERASER.SYS
2010-03-25 12:42 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100324.037\CCERASER.DLL
2010-03-24 21:26 . 2010-02-03 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100324.002\NAVENG.SYS
2010-03-24 21:26 . 2010-02-03 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100324.002\NAVEX15.SYS
2010-03-24 21:26 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100324.002\CCERASER.DLL
2010-03-24 21:26 . 2009-09-22 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100324.002\ECMSVR32.DLL
2010-03-24 21:26 . 2009-08-27 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100324.002\EECTRL.SYS
2010-03-24 21:26 . 2009-08-27 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100324.002\NAVENG32.DLL
2010-03-24 21:26 . 2009-08-27 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100324.002\NAVEX32A.DLL
2010-03-24 21:26 . 2009-08-27 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100324.002\ERASER.SYS
2010-03-24 10:07 . 2009-11-20 03:02 268664 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100320.001\SymIDSCo.sys
2010-03-24 10:07 . 2009-11-20 03:02 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100320.001\SymIDSI.dll
2010-03-24 10:07 . 2009-11-20 03:02 732536 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100320.001\Scxpx86.dll
2010-03-24 10:07 . 2009-11-20 03:02 286768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100320.001\IDSvix86.sys
2010-03-24 10:07 . 2009-11-20 03:02 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100320.001\IDSxpx86.dll
2010-03-24 10:07 . 2009-11-20 03:02 396336 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100320.001\IDSviA64.sys
2010-03-24 10:07 . 2009-03-17 23:43 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100320.001\IDS9xx86.dll
2010-03-23 10:04 . 2010-03-23 10:04 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-18 20:45 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-03-18 20:45 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-03-18 20:45 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-03-18 20:43 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-18 20:43 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-18 20:43 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-16 10:20 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-16 10:20 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-16 10:20 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-15 23:10 . 2008-12-19 16:15 4338246 ----a-w- c:\users\G-Style\AppData\Roaming\BSplayer Pro\FFDShow\libavcodec.dll
2010-03-15 21:43 . 2010-03-16 19:40 -------- d-----w- c:\users\G-Style\AppData\Roaming\BSplayer Pro
2010-03-15 21:43 . 2010-03-15 21:46 -------- d-----w- c:\users\G-Style\AppData\Roaming\BSplayer
2010-03-15 21:43 . 2010-03-15 23:10 -------- d-----w- c:\program files\Webteh
2010-03-15 21:07 . 2010-03-15 21:09 -------- d-----w- c:\windows\system32\ca-ES
2010-03-15 21:07 . 2010-03-15 21:09 -------- d-----w- c:\windows\system32\eu-ES
2010-03-15 21:07 . 2010-03-15 21:09 -------- d-----w- c:\windows\system32\vi-VN
2010-03-15 19:46 . 2010-03-15 19:46 -------- d-----w- c:\windows\system32\EventProviders
2010-03-15 19:25 . 2010-03-15 19:26 -------- d-----w- C:\rsit
2010-03-15 11:53 . 2009-11-20 03:02 268664 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100312.001\SymIDSCo.sys
2010-03-15 11:53 . 2009-11-20 03:02 732536 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100312.001\Scxpx86.dll
2010-03-15 11:53 . 2009-11-20 03:02 286768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100312.001\IDSvix86.sys
2010-03-15 11:53 . 2009-11-20 03:02 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100312.001\SymIDSI.dll
2010-03-15 11:53 . 2009-11-20 03:02 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100312.001\IDSxpx86.dll
2010-03-15 11:53 . 2009-11-20 03:02 396336 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100312.001\IDSviA64.sys
2010-03-15 11:53 . 2009-03-17 23:43 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100312.001\IDS9xx86.dll
2010-03-14 02:54 . 2010-03-14 02:54 -------- d-----w- c:\program files\Rockstar Games
2010-03-11 02:01 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 02:00 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 02:00 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-09 02:01 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-24 05:17 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 05:17 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 05:17 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 05:17 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 05:17 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 05:17 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 05:17 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 05:17 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 05:17 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 05:17 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-25 18:36 . 2008-05-04 04:46 590348 ----a-w- c:\windows\system32\perfh005.dat
2010-03-25 18:36 . 2008-05-04 04:46 114900 ----a-w- c:\windows\system32\perfc005.dat
2010-03-25 18:25 . 2008-06-18 22:51 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-25 18:20 . 2008-10-17 14:07 -------- d-----w- c:\users\G-Style\AppData\Roaming\DMCache
2010-03-25 10:36 . 2009-03-11 18:42 32061 ----a-w- c:\programdata\nvModes.dat
2010-03-23 15:03 . 2009-11-22 11:53 -------- d-----w- c:\programdata\CanonIJPLM
2010-03-23 14:59 . 2009-11-22 12:09 -------- d-----w- c:\programdata\CanonIJ
2010-03-23 10:04 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-23 10:03 . 2010-03-23 10:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-23 10:02 . 2010-03-23 10:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-19 23:43 . 2008-12-02 23:27 -------- d-----w- c:\users\G-Style\AppData\Roaming\dvdcss
2010-03-15 21:22 . 2009-11-15 14:06 -------- d-----w- c:\program files\trend micro
2010-03-15 21:20 . 2008-06-18 23:17 -------- d-----w- c:\programdata\NVIDIA
2010-03-15 21:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-03-15 21:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-15 21:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-03-15 21:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-03-15 21:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-03-15 21:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-15 21:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-03-15 20:04 . 2010-03-15 20:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2010-03-14 22:33 . 2008-10-17 11:24 88928 ----a-w- c:\users\G-Style\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-14 02:54 . 2008-05-03 19:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-24 09:16 . 2009-10-04 13:23 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-17 22:47 . 2010-02-17 22:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-16 22:30 . 2010-02-16 22:30 16384 ----a-w- c:\windows\DelDir.EXE
2010-02-10 22:51 . 2008-11-15 21:43 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-10 22:37 . 2008-11-15 21:43 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-09 22:53 . 2010-02-09 22:53 -------- d-----w- c:\program files\GSC World Publishing
2010-02-09 16:26 . 2009-11-22 14:43 -------- d-----w- c:\programdata\ABBYY
2010-02-09 16:26 . 2009-11-22 14:43 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-02-03 01:03 . 2010-02-03 08:10 606 ----a-w- c:\programdata\Symantec\Definitions\SymcData\nco1.0defs\tmp6ae.tmp\cur.scr
2010-01-31 20:37 . 2010-01-30 03:23 -------- d-----w- c:\program files\Veetle
2010-01-28 10:38 . 2009-03-23 15:40 -------- d-----w- c:\program files\ICQ6.5
2010-01-25 12:20 . 2009-10-06 14:30 -------- d-----w- c:\users\G-Style\AppData\Roaming\Corel
2010-01-25 12:19 . 2010-01-25 12:19 65536 ----a-r- c:\users\G-Style\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2010-01-25 12:19 . 2010-01-25 12:19 10134 ----a-r- c:\users\G-Style\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
2010-01-25 12:14 . 2010-01-25 12:14 -------- d-----w- c:\program files\Corel
2010-01-25 12:14 . 2010-01-25 12:14 -------- d-----w- c:\program files\Common Files\Corel
2010-01-06 15:38 . 2010-03-16 10:20 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-16 10:20 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-03-16 10:20 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-03-16 10:20 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2008-10-13 09:36 . 2008-10-13 09:36 35950872 ----a-r- c:\program files\PhysX_8.10.13_SystemSoftware.exe
2009-03-31 20:47 . 2009-04-03 12:54 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-04-13 2387968]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-09-16 932272]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-08 4608]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Google Update"="c:\users\G-Style\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-31 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-09 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nokia Nseries PC Suite.lnk - c:\program files\Nokia\NNPCS\RunLauncher.exe [2008-5-8 943568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):fc,ad,77,fd,84,c4,ca,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-28 721904]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-02-21 13224]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20100320.001\IDSvix86.sys [2009-11-20 286768]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 13:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982227316-3750647242-2940710794-1000Core.job
- c:\users\G-Style\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-31 20:51]

2010-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982227316-3750647242-2940710794-1000UA.job
- c:\users\G-Style\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-31 20:51]

2010-03-22 c:\windows\Tasks\Norton Internet Security - Prověřit tento počítač - G-Style.job
- c:\program files\Norton Internet Security\Aplikace Norton AntiVirus\Navw32.exe [2008-02-07 06:05]

2010-03-25 c:\windows\Tasks\User_Feed_Synchronization-{9B4E73A3-966B-4A33-AC9B-6ED0733D777B}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_sk&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\G-Style\AppData\Roaming\Mozilla\Firefox\Profiles\egxhfduy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\G-Style\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\G-Style\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-HijackThis - c:\users\G-Style\Downloads\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-25 19:44
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1982227316-3750647242-2940710794-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):e2,66,ef,5b,f4,3b,3a,36,21,66,45,97,d5,01,25,84,1b,42,70,16,e5,
ff,b7,ec,5b,9c,c3,a0,0b,8a,b9,1c,2c,56,a4,97,99,ac,4e,76,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1982227316-3750647242-2940710794-1000_Classes\CLSID\{66a52b21-ebb5-42b4-8c7c-e4947c83bf77}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012f
"Therad"=dword:0000000e

[HKEY_USERS\S-1-5-21-1982227316-3750647242-2940710794-1000_Classes\CLSID\{7b74d2ff-538a-445f-8755-32e3296b8517}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000000b
"Therad"=dword:0000000f

[HKEY_USERS\S-1-5-21-1982227316-3750647242-2940710794-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ec,c8,31,41,06,5d,31,cf,d5,93,5c,04,ad,93,e1,4b,a9,d9,4e,b8,4f,
02,6c,33,2f,1c,04,ca,40,19,c3,b0,94,ec,2a,cc,9e,fc,0f,c6,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2010-03-25 19:47:48
ComboFix-quarantined-files.txt 2010-03-25 18:47

Pre-Run: Volných bajtů: 23 910 559 744
Post-Run: Volných bajtů: 23 531 114 496

- - End Of File - - 2FCE03160D93B8A22F0E4EB5759C8A3C

Pokud nemáte, přesuňte Combofix na plochu

Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

RegLock::
[HKEY_USERS\S-1-5-21-1982227316-3750647242-2940710794-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_USERS\S-1-5-21-1982227316-3750647242-2940710794-1000_Classes\CLSID\{66a52b21-ebb5-42b4-8c7c-e4947c83bf77}]
[HKEY_USERS\S-1-5-21-1982227316-3750647242-2940710794-1000_Classes\CLSID\{7b74d2ff-538a-445f-8755-32e3296b8517}]
[HKEY_USERS\S-1-5-21-1982227316-3750647242-2940710794-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

ComboFix 10-03-29.04 - G-Style . 03. 2010 23:55:01.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1029.18.2046.1213 [GMT 2:00]
Running from: c:\users\G-Style\Desktop\ComboFix.exe
Command switches used :: c:\users\G-Style\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-31 )))))))))))))))))))))))))))))))
.

2010-03-31 22:02 . 2010-03-31 22:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-31 22:02 . 2010-03-31 22:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-31 15:30 . 2009-08-27 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100330.048\NAVEX32A.DLL
2010-03-31 15:30 . 2010-02-03 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100330.048\NAVENG.SYS
2010-03-31 15:30 . 2010-02-03 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100330.048\NAVEX15.SYS
2010-03-31 15:30 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100330.048\CCERASER.DLL
2010-03-31 15:30 . 2009-09-22 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100330.048\ECMSVR32.DLL
2010-03-31 15:30 . 2009-08-27 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100330.048\EECTRL.SYS
2010-03-31 15:30 . 2009-08-27 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100330.048\NAVENG32.DLL
2010-03-31 15:30 . 2009-08-27 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100330.048\ERASER.SYS
2010-03-30 22:21 . 2010-02-03 09:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100330.009\NAVENG.SYS
2010-03-30 22:21 . 2010-02-03 09:00 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100330.009\NAVEX15.SYS
2010-03-30 22:21 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100330.009\CCERASER.DLL
2010-03-30 22:21 . 2009-09-22 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100330.009\ECMSVR32.DLL
2010-03-30 22:21 . 2009-08-27 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100330.009\EECTRL.SYS
2010-03-30 22:21 . 2009-08-27 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100330.009\NAVENG32.DLL
2010-03-30 22:21 . 2009-08-27 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100330.009\NAVEX32A.DLL
2010-03-30 22:21 . 2009-08-27 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100330.009\ERASER.SYS
2010-03-25 21:01 . 2010-03-25 21:01 -------- d-----w- c:\windows\Sun
2010-03-25 18:47 . 2010-03-31 22:02 -------- d-----w- c:\users\G-Style\AppData\Local\temp
2010-03-24 10:07 . 2009-11-20 03:02 268664 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100320.001\SymIDSCo.sys
2010-03-24 10:07 . 2009-11-20 03:02 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100320.001\SymIDSI.dll
2010-03-24 10:07 . 2009-11-20 03:02 732536 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100320.001\Scxpx86.dll
2010-03-24 10:07 . 2009-11-20 03:02 286768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100320.001\IDSvix86.sys
2010-03-24 10:07 . 2009-11-20 03:02 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100320.001\IDSxpx86.dll
2010-03-24 10:07 . 2009-11-20 03:02 396336 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100320.001\IDSviA64.sys
2010-03-24 10:07 . 2009-03-17 23:43 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100320.001\IDS9xx86.dll
2010-03-23 10:04 . 2010-03-23 10:04 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-18 20:45 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-03-18 20:45 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-03-18 20:45 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-03-18 20:43 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-18 20:43 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-18 20:43 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-16 10:20 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-16 10:20 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-16 10:20 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-15 23:10 . 2008-12-19 16:15 4338246 ----a-w- c:\users\G-Style\AppData\Roaming\BSplayer Pro\FFDShow\libavcodec.dll
2010-03-15 21:43 . 2010-03-16 19:40 -------- d-----w- c:\users\G-Style\AppData\Roaming\BSplayer Pro
2010-03-15 21:43 . 2010-03-15 21:46 -------- d-----w- c:\users\G-Style\AppData\Roaming\BSplayer
2010-03-15 21:43 . 2010-03-15 23:10 -------- d-----w- c:\program files\Webteh
2010-03-15 21:07 . 2010-03-15 21:09 -------- d-----w- c:\windows\system32\ca-ES
2010-03-15 21:07 . 2010-03-15 21:09 -------- d-----w- c:\windows\system32\eu-ES
2010-03-15 21:07 . 2010-03-15 21:09 -------- d-----w- c:\windows\system32\vi-VN
2010-03-15 19:46 . 2010-03-15 19:46 -------- d-----w- c:\windows\system32\EventProviders
2010-03-15 11:53 . 2009-11-20 03:02 268664 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100312.001\SymIDSCo.sys
2010-03-15 11:53 . 2009-11-20 03:02 732536 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100312.001\Scxpx86.dll
2010-03-15 11:53 . 2009-11-20 03:02 286768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100312.001\IDSvix86.sys
2010-03-15 11:53 . 2009-11-20 03:02 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100312.001\SymIDSI.dll
2010-03-15 11:53 . 2009-11-20 03:02 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100312.001\IDSxpx86.dll
2010-03-15 11:53 . 2009-11-20 03:02 396336 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100312.001\IDSviA64.sys
2010-03-15 11:53 . 2009-03-17 23:43 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20100312.001\IDS9xx86.dll
2010-03-14 02:54 . 2010-03-14 02:54 -------- d-----w- c:\program files\Rockstar Games
2010-03-11 02:01 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 02:00 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 02:00 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-09 02:01 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 21:51 . 2008-05-04 04:46 590348 ----a-w- c:\windows\system32\perfh005.dat
2010-03-31 21:51 . 2008-05-04 04:46 114900 ----a-w- c:\windows\system32\perfc005.dat
2010-03-31 21:48 . 2008-10-17 14:07 -------- d-----w- c:\users\G-Style\AppData\Roaming\DMCache
2010-03-31 21:41 . 2008-06-18 22:51 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-31 15:33 . 2009-03-11 18:42 32061 ----a-w- c:\programdata\nvModes.dat
2010-03-23 15:03 . 2009-11-22 11:53 -------- d-----w- c:\programdata\CanonIJPLM
2010-03-23 14:59 . 2009-11-22 12:09 -------- d-----w- c:\programdata\CanonIJ
2010-03-23 10:04 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-23 10:03 . 2010-03-23 10:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-03-23 10:02 . 2010-03-23 10:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-19 23:43 . 2008-12-02 23:27 -------- d-----w- c:\users\G-Style\AppData\Roaming\dvdcss
2010-03-15 21:22 . 2009-11-15 14:06 -------- d-----w- c:\program files\trend micro
2010-03-15 21:20 . 2008-06-18 23:17 -------- d-----w- c:\programdata\NVIDIA
2010-03-15 21:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-03-15 21:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-15 21:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-03-15 21:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-03-15 21:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-03-15 21:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-15 21:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-03-15 20:04 . 2010-03-15 20:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2010-03-14 22:33 . 2008-10-17 11:24 88928 ----a-w- c:\users\G-Style\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-14 02:54 . 2008-05-03 19:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-24 09:16 . 2009-10-04 13:23 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-17 22:47 . 2010-02-17 22:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-16 22:30 . 2010-02-16 22:30 16384 ----a-w- c:\windows\DelDir.EXE
2010-02-10 22:51 . 2008-11-15 21:43 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-10 22:37 . 2008-11-15 21:43 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-09 22:53 . 2010-02-09 22:53 -------- d-----w- c:\program files\GSC World Publishing
2010-02-09 16:26 . 2009-11-22 14:43 -------- d-----w- c:\programdata\ABBYY
2010-02-09 16:26 . 2009-11-22 14:43 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-02-03 01:03 . 2010-02-03 08:10 606 ----a-w- c:\programdata\Symantec\Definitions\SymcData\nco1.0defs\tmp6ae.tmp\cur.scr
2010-01-31 20:37 . 2010-01-30 03:23 -------- d-----w- c:\program files\Veetle
2010-01-25 12:19 . 2010-01-25 12:19 65536 ----a-r- c:\users\G-Style\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2010-01-25 12:19 . 2010-01-25 12:19 10134 ----a-r- c:\users\G-Style\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
2010-01-25 12:00 . 2010-02-24 05:17 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 05:17 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 05:17 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 05:17 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 05:17 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 05:17 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 05:17 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 05:17 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 05:17 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:38 . 2010-03-16 10:20 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-16 10:20 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-03-16 10:20 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-03-16 10:20 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2008-10-13 09:36 . 2008-10-13 09:36 35950872 ----a-r- c:\program files\PhysX_8.10.13_SystemSoftware.exe
2009-03-31 20:47 . 2009-04-03 12:54 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-03-25_18.44.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18444_none_f3464f90ba4365fd\mshtmler.dll
+ 2008-01-21 02:23 . 2008-01-21 02:23 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18444_none_ae0aeadd06e2b348\admparse.dll
+ 2009-06-10 08:41 . 2009-04-11 06:28 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18226_none_03bfd0c79f0428b9\WininetPlugin.dll
+ 2009-06-10 08:41 . 2009-04-11 06:28 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18226_none_03bfd0c79f0428b9\jsproxy.dll
+ 2008-10-17 12:45 . 2008-02-22 05:01 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18444_none_01c1bc8da1efdba2\WininetPlugin.dll
+ 2008-01-21 01:58 . 2010-03-31 21:38 60256 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-17 11:15 . 2010-03-31 21:45 14910 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1982227316-3750647242-2940710794-1000_UserData.bin
- 2008-10-17 11:11 . 2010-03-25 18:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-17 11:11 . 2010-03-31 21:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-17 11:11 . 2010-03-31 21:28 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-17 11:11 . 2010-03-25 18:28 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-17 11:11 . 2010-03-31 21:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-17 11:11 . 2010-03-25 18:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-17 11:56 . 2010-03-23 10:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-17 11:56 . 2010-03-31 21:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-17 11:56 . 2010-03-31 21:43 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-17 11:56 . 2010-03-23 10:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-17 11:56 . 2010-03-31 21:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-17 11:56 . 2010-03-23 10:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-20 10:15 . 2010-03-31 21:34 4812 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-10-20 10:15 . 2010-03-23 10:05 4812 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2010-03-25 18:28 . 2010-03-25 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-03-31 21:43 . 2010-03-31 21:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-03-25 18:28 . 2010-03-25 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-31 21:43 . 2010-03-31 21:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-01-21 02:24 . 2008-01-21 02:24 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18444_none_647b35afae3bd305\ieui.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18444_none_477c73698ca0f9ff\sqmapi.dll
+ 2006-11-02 07:27 . 2006-11-02 09:39 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18444_none_ae0aeadd06e2b348\ieakui.dll
+ 2008-10-17 12:53 . 2010-03-31 19:15 767478 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2010-03-31 21:45 122476 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 10:33 . 2010-03-25 18:36 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-03-31 21:51 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-03-25 18:36 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-03-31 21:51 101250 c:\windows\System32\perfc009.dat
+ 2009-07-30 22:07 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6002.22360_none_fdc14f0082331a90\ieapfltr.dat
+ 2009-07-30 22:07 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6002.18226_none_fd68f3a168efa30c\ieapfltr.dat
+ 2009-07-30 22:07 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.22653_none_fbe8ade28501f580\ieapfltr.dat
+ 2009-07-30 22:07 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6001.18444_none_fb6adf676bdb55f5\ieapfltr.dat
+ 2009-07-30 22:07 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21242_none_fa0c151a87d46562\ieapfltr.dat
+ 2009-07-30 22:07 . 2009-06-18 06:56 2452872 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.17037_none_f99247c76eaa2b33\ieapfltr.dat
- 2006-11-02 10:22 . 2010-03-25 18:26 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2010-03-31 21:34 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-04-30 11:52 . 2010-03-31 12:39 249673679 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-04-13 2387968]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-09-16 932272]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-08 4608]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\G-Style\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-31 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-09 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nokia Nseries PC Suite.lnk - c:\program files\Nokia\NNPCS\RunLauncher.exe [2008-5-8 943568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):fc,ad,77,fd,84,c4,ca,01

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-02-21 13224]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-04-28 721904]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20100320.001\IDSvix86.sys [2009-11-20 286768]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 13:08 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982227316-3750647242-2940710794-1000Core.job
- c:\users\G-Style\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-31 20:51]

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1982227316-3750647242-2940710794-1000UA.job
- c:\users\G-Style\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-31 20:51]

2010-03-29 c:\windows\Tasks\Norton Internet Security - Prověřit tento počítač - G-Style.job
- c:\program files\Norton Internet Security\Aplikace Norton AntiVirus\Navw32.exe [2008-02-07 06:05]

2010-03-31 c:\windows\Tasks\User_Feed_Synchronization-{9B4E73A3-966B-4A33-AC9B-6ED0733D777B}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_sk&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\G-Style\AppData\Roaming\Mozilla\Firefox\Profiles\egxhfduy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\G-Style\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\G-Style\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(2676)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
.
Completion time: 2010-04-01 00:04:59
ComboFix-quarantined-files.txt 2010-03-31 22:04
ComboFix2.txt 2010-03-25 18:47

Pre-Run: Volných bajtů: 16 444 403 712
Post-Run: Volných bajtů: 16 402 780 160

- - End Of File - - 4FD3C39C3CF34820EE739B1DC6219A8D

Tohle otestujte na http://www.virustotal.com/cs/
c:\windows\DelDir.EXE

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

Kód: Vybrat vše

http://www.virustotal.com/cs/analisis/df8fa9e267d0dad9b77f97ac6a90a31435f21a30fb94c4718276b5ba3ed9a3c5-1270211182

Jak to vypadá s PC

Tak po pravde Mozilla sa chová poslednú dobu divne .. ale to mnohí už potvrdili .. no a s tými prehrávačmi .. je možné že sa naskytol problém s napalovačkou .. čiže ju bude treba jedine vymeniť

Poprosím o nový log z RSIT.

VIRY.CZ

Poprosím preventívnu kontrolu / mrznutie prehrávačov pre dvd

Poprosím preventívnu kontrolu / mrznutie prehrávačov pre dvd

Re: Poprosím preventívnu kontrolu / mrznutie prehrávačov pre dvd

Re: Poprosím preventívnu kontrolu / mrznutie prehrávačov pre dvd

Re: Poprosím preventívnu kontrolu / mrznutie prehrávačov pre dvd

Re: Poprosím preventívnu kontrolu / mrznutie prehrávačov pre dvd

Re: Poprosím preventívnu kontrolu / mrznutie prehrávačov pre dvd

Re: Poprosím preventívnu kontrolu / mrznutie prehrávačov pre dvd

Re: Poprosím preventívnu kontrolu / mrznutie prehrávačov pre dvd

Re: Poprosím preventívnu kontrolu / mrznutie prehrávačov pre dvd

Re: Poprosím preventívnu kontrolu / mrznutie prehrávačov pre dvd

Re: Poprosím preventívnu kontrolu / mrznutie prehrávačov pre dvd