Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:57, on 14. 3. 2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program files\P4G\BatteryLife.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Student DOG\StudentDOG.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15187&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [StudentDOG] C:\Program Files\Student DOG\StudentDOG.exe -h
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Pridať do blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Pridať do blogu v programe Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SRS Volume Sync Service (SRS_VolSync_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe
--
End of file - 8039 bytes
PLS check my log, YouTube videos don't work (Solved)
- Damned
Re: PLS check my log, YouTube videos don't work
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech translation Wise Registry Cleaner
- Kobra.svk
Re: PLS check my log, YouTube videos don't work
Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3866
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
14. 3. 2010 17:26:15
mbam-log-2010-03-14 (17-26-15).txt
Typ kontroly: Rýchla
Objektov kontrolovaných: 108987
Uplynutý cas: 4 minute(s), 38 second(s)
Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0
Infikovaných procesov pamäte:
(Žiadne škodlivé položky)
Infikovaných modulov pamäte:
(Žiadne škodlivé položky)
Infikovaných registracných klúcov:
(Žiadne škodlivé položky)
Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)
Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)
Infikovaných priecinkov:
(Žiadne škodlivé položky)
Infikovaných súborov:
(Žiadne škodlivé položky)
- Damned
Re: PLS check my log, YouTube videos don't work
Turn off your antivirus's resident shield (and your antispyware's too, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
- Kobra.svk
Re: PLS check my log, YouTube videos don't work
ComboFix 10-03-13.03 - Kobra . 03. 2010 17:35:29.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.3071.1981 [GMT 1:00]
Running from: c:\users\Kobra\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\temp
c:\program files\temp\HideWin.exe
c:\windows\system32\acovcnt.exe
.
((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.
2010-03-14 16:41 . 2010-03-14 16:41 -------- d-----w- c:\users\Kobra\AppData\Local\temp
2010-03-14 16:41 . 2010-03-14 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-14 16:32 . 2010-03-14 16:32 -------- d-----w- C:\32788R22FWJFW
2010-03-14 12:13 . 2010-03-14 12:13 -------- d-----w- c:\program files\Common Files\Java
2010-03-13 23:11 . 2010-03-13 23:11 -------- d-----w- c:\program files\Playlist Creator 3.6.2
2010-03-07 14:43 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-05 00:11 . 2010-03-05 00:11 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-24 08:18 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 08:18 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 08:18 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 08:18 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-20 22:44 . 2010-02-20 22:44 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-02-20 22:44 . 2010-02-20 22:44 -------- d-----w- c:\program files\Hamachi
2010-02-20 20:57 . 2010-02-20 20:57 -------- d-----w- c:\users\Kobra\AppData\Local\Gas Powered Games
2010-02-20 18:19 . 2010-02-20 18:19 -------- d-----w- c:\programdata\CanonIJ
2010-02-20 18:03 . 2010-02-20 18:03 -------- d--h--w- c:\programdata\CanonIJEGV
2010-02-20 17:52 . 2010-02-20 17:52 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2010-02-18 18:53 . 1998-07-30 11:51 305152 ----a-w- c:\windows\IsUninst.exe
2010-02-18 18:46 . 1996-01-09 10:23 283648 ----a-w- c:\windows\uninst.exe
2010-02-17 21:37 . 2010-02-17 21:37 -------- d-----w- c:\users\Kobra\AppData\Local\ASUS
2010-02-17 15:13 . 2010-02-17 15:25 -------- d-----w- c:\program files\ICQ6.5
2010-02-17 13:25 . 2010-02-17 13:25 -------- d-----w- c:\program files\Common Files\EasyInfo
2010-02-17 09:57 . 2010-02-17 09:57 -------- d-----w- c:\program files\Alcohol Soft
2010-02-14 21:36 . 2010-02-14 21:36 -------- d-----w- c:\program files\iPod
2010-02-14 21:36 . 2010-02-14 21:36 -------- d-----w- c:\program files\iTunes
2010-02-14 21:34 . 2010-02-14 21:34 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 16:41 . 2009-09-14 00:06 4808 ----a-w- c:\windows\system32\perfc01B.dat
2010-03-14 16:41 . 2009-09-14 00:06 14046 ----a-w- c:\windows\system32\perfh01B.dat
2010-03-14 16:34 . 2010-01-22 03:05 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-03-14 16:34 . 2009-09-11 14:06 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-03-14 16:33 . 2009-09-11 14:15 -------- d-----w- c:\users\Kobra\AppData\Roaming\ICQ
2010-03-14 12:13 . 2009-09-14 23:39 -------- d-----w- c:\program files\Java
2010-03-14 11:53 . 2009-10-14 22:13 -------- d-----w- c:\programdata\NOS
2010-03-14 00:36 . 2009-09-15 09:19 -------- d-----w- c:\users\Kobra\AppData\Roaming\uTorrent
2010-03-13 23:22 . 2010-01-22 04:02 114312 ----a-w- c:\users\Kobra\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-13 22:50 . 2009-10-14 21:09 117760 ----a-w- c:\users\Kobra\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-13 20:44 . 2009-09-14 22:02 -------- d-----w- c:\program files\CCleaner
2010-03-13 20:17 . 2009-09-18 15:06 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-13 20:16 . 2009-09-18 15:06 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-12 18:38 . 2009-09-19 11:08 -------- d-----w- c:\users\Kobra\AppData\Roaming\Xfire
2010-03-12 15:59 . 2009-12-09 18:09 -------- d-----w- c:\programdata\CanonIJPLM
2010-03-12 15:58 . 2009-08-23 18:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 15:58 . 2009-08-23 19:10 -------- d-----w- c:\program files\ASUS
2010-03-12 15:18 . 2009-09-19 11:08 -------- d-----w- c:\programdata\Xfire
2010-03-11 20:50 . 2009-09-19 11:08 -------- d-----w- c:\program files\Xfire
2010-03-10 21:25 . 2009-08-23 17:48 -------- d-----w- c:\programdata\Microsoft Help
2010-03-10 21:14 . 2009-11-16 18:39 -------- d-----w- c:\program files\FreeRapid-0.83u1
2010-03-09 18:42 . 2009-12-12 11:30 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-07 03:31 . 2009-11-21 18:42 -------- d-----w- c:\users\Kobra\AppData\Roaming\Hamachi
2010-03-06 12:04 . 2009-11-08 13:38 -------- d-----w- c:\users\Kobra\AppData\Roaming\Skype
2010-03-06 11:09 . 2009-11-08 13:39 -------- d-----w- c:\users\Kobra\AppData\Roaming\skypePM
2010-03-03 18:58 . 2009-09-15 09:21 -------- d-----w- c:\program files\uTorrent
2010-03-02 18:23 . 2009-10-14 21:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-24 08:16 . 2009-12-10 22:20 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 18:08 . 2009-12-09 18:09 -------- d-----w- c:\users\Kobra\AppData\Roaming\Canon
2010-02-20 17:51 . 2009-12-09 17:59 -------- d-----w- c:\program files\Canon
2010-02-18 17:05 . 2010-02-10 11:46 -------- d-----w- c:\program files\ICQ7.0
2010-02-17 12:09 . 2009-09-15 18:20 -------- d-----w- c:\program files\TC PowerPack
2010-02-17 12:09 . 2009-11-08 13:37 -------- d-----r- c:\program files\Skype
2010-02-17 12:07 . 2010-01-29 14:28 -------- d-----w- c:\program files\Ray Adams
2010-02-17 12:07 . 2010-01-24 13:46 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-17 12:01 . 2009-11-10 16:39 -------- d-----w- c:\program files\Steam
2010-02-17 11:06 . 2009-09-15 09:13 -------- d-----w- c:\program files\Common Files\Apple
2010-02-17 10:41 . 2009-12-19 23:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-17 10:40 . 2008-08-14 06:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2010-02-17 10:03 . 2010-01-23 19:38 -------- d-----w- c:\program files\EVGA Precision
2010-02-17 09:24 . 2009-09-22 10:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-14 21:36 . 2009-09-15 09:14 -------- d-----w- c:\programdata\Apple Computer
2010-02-10 12:33 . 2010-02-10 11:33 -------- d-----w- c:\programdata\Tablet
2010-02-10 08:01 . 2010-02-10 08:01 -------- dc-h--w- c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2010-02-10 08:00 . 2010-02-10 08:00 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-02-10 08:00 . 2010-02-10 08:00 -------- d-----w- c:\program files\Common Files\Digidesign
2010-02-10 08:00 . 2010-02-10 08:00 -------- d-----w- c:\program files\Native Instruments
2010-02-10 08:00 . 2010-02-10 08:00 -------- d-----w- c:\programdata\Native Instruments
2010-02-10 08:00 . 2010-02-10 08:00 -------- dc-h--w- c:\programdata\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
2010-02-10 08:00 . 2010-02-10 08:00 -------- dc-h--w- c:\programdata\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2010-02-10 07:55 . 2010-02-10 07:55 -------- d-----w- c:\program files\Guitar Pro 5
2010-02-04 18:12 . 2010-02-04 18:12 -------- d-----w- c:\program files\Windows Virtual PC
2010-02-04 18:05 . 2010-02-04 18:02 -------- d-----w- c:\program files\Windows XP Mode
2010-02-04 02:41 . 2010-02-04 00:25 167050587 ----a-w- c:\programdata\Xfire\downloads\WoW-3.3.0.11159-to-3.3.2.11403-enUS-patch.exe
2010-01-30 09:52 . 2010-01-22 03:08 -------- d-----w- c:\programdata\NVIDIA
2010-01-29 18:46 . 2009-11-20 16:58 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-01-29 18:20 . 2009-10-14 21:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-29 16:37 . 2009-11-15 11:41 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-29 15:52 . 2010-01-29 15:52 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-01-26 21:30 . 2010-01-21 20:11 -------- d-----w- c:\users\Kobra\AppData\Roaming\TeamViewer
2010-01-24 14:32 . 2009-09-16 08:19 -------- d-----w- c:\users\Kobra\AppData\Roaming\HLSW
2010-01-24 13:30 . 2009-12-11 21:41 -------- d-----w- c:\program files\Norton Security Scan
2010-01-24 13:30 . 2009-08-23 18:04 -------- d-----w- c:\programdata\Norton
2010-01-23 23:37 . 2009-09-16 18:05 -------- d-----w- c:\users\Kobra\AppData\Roaming\Download Manager
2010-01-22 20:58 . 2009-11-23 14:44 -------- d-----w- c:\program files\ICQ6.521_57_49
2010-01-22 18:11 . 2010-01-22 18:11 62800 ----a-w- c:\users\Kobra\AppData\Roaming\Mozilla\Firefox\Profiles\73mp7gaq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
2010-01-22 14:27 . 2009-12-13 14:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-22 03:41 . 2009-11-20 16:18 21412 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-22 03:22 . 2009-09-25 22:54 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-22 03:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-22 03:20 . 2009-08-23 19:45 -------- d-----w- c:\program files\SRS Labs
2010-01-22 03:20 . 2009-10-16 23:57 -------- d-----w- c:\program files\Sony
2010-01-22 03:20 . 2009-10-17 00:52 -------- d-----w- c:\program files\Sonic Foundry
2010-01-22 03:20 . 2009-09-16 17:37 -------- d-----w- c:\program files\Razer
2010-01-22 03:20 . 2009-10-17 00:53 -------- d-----w- c:\program files\Pixelan
2010-01-22 03:20 . 2009-10-17 00:52 -------- d-----w- c:\program files\Panopticum Lens Pro 3.5 For Vegas
2010-01-22 03:20 . 2009-08-23 19:32 -------- d-----w- c:\program files\P4G
2010-01-22 03:20 . 2009-10-17 00:55 -------- d-----w- c:\program files\NewBlue
2010-01-22 03:20 . 2009-09-15 20:41 -------- d-----w- c:\program files\Nero
2010-01-22 03:19 . 2009-12-12 11:24 -------- d-----w- c:\program files\MSECACHE
2010-01-22 03:19 . 2009-09-11 12:46 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-01-22 03:19 . 2009-09-11 12:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-22 03:19 . 2009-08-23 17:54 -------- d-----w- c:\program files\Microsoft Works
2010-01-22 03:19 . 2009-08-23 17:53 -------- d-----w- c:\program files\Microsoft.NET
2010-01-22 03:19 . 2009-09-13 22:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-22 03:18 . 2009-10-20 16:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 03:18 . 2009-09-11 12:45 -------- d-----w- c:\program files\Microsoft
2010-01-22 03:18 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-01-22 03:18 . 2009-12-19 23:36 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-22 03:18 . 2009-12-10 21:36 -------- d-----w- c:\program files\Lingea
2010-01-22 03:18 . 2009-10-13 12:50 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-01-22 03:17 . 2009-08-23 18:15 -------- d-----w- c:\program files\Intel
2010-01-22 03:16 . 2009-09-16 08:19 -------- d-s---w- c:\program files\HLSW
2010-01-22 03:16 . 2009-09-17 11:47 -------- d-----w- c:\program files\GamePark
2010-01-22 03:16 . 2009-08-23 18:06 -------- d-----w- c:\program files\Google
2010-01-22 03:16 . 2010-01-03 12:28 -------- d-----w- c:\program files\Futuremark
2010-01-22 03:16 . 2009-08-23 19:46 -------- d-----w- c:\program files\Downloaded Installations
2010-01-22 03:16 . 2009-08-23 18:02 -------- d-----w- c:\program files\CyberLink
2010-01-22 03:16 . 2010-01-03 12:20 -------- d-----w- c:\program files\CPUID
2010-01-22 03:16 . 2009-09-11 12:44 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StudentDOG"="c:\program files\Student DOG\StudentDOG.exe" [2009-12-26 2278912]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2007-05-11 176128]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\users\Kobra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-3-5 3233168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2008-10-01 06:02 851968 ----a-w- c:\program files\ASUS\Splendid\ACMON.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-02-17 10:40 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-12-23 09:58 31072 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2009-03-27 16:52 159744 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-10-19 01:12 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2009-07-14 01:14 144384 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2009-04-02 04:05 98304 ----a-w- c:\program files\ASUS\ATK Hotkey\HControlUser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacrokeyManager]
2009-01-13 10:10 3161760 ----a-w- c:\windows\System32\WTMKM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 15:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-11-20 19:33 12685928 ----a-w- c:\windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2008-08-18 07:58 106496 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-01-19 18:10 8452640 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-04-07 10:30 1833504 ------w- c:\program files\Realtek\Audio\HDA\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Premium Sound]
2009-04-07 17:02 3405048 ----a-w- c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-10 16:40 1217808 ----a-w- c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-03-02 18:23 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2009-05-20 05:16 222504 ----a-w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-12-04 05:15 218408 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 07:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-17 691696]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe [2009-02-05 388768]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-02 12872]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-02 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-03-02 66632]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]
S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-04-07 70880]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-11 64544]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
--- Other Services/Drivers In Memory ---
*Deregistered* - ISODisk
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15187&l=dis
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\users\Kobra\AppData\Roaming\Mozilla\Firefox\Profiles\73mp7gaq.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - component: c:\users\Kobra\AppData\Roaming\Mozilla\Firefox\Profiles\73mp7gaq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-ADSMTray - c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSConfigStartUp-ASUSGamerOSD - c:\program files\ASUS\GamerOSD\GamerOSD.exe
MSConfigStartUp-CanonSolutionMenu - c:\program files\Canon\SolutionMenu\CNSLMAIN.exe
MSConfigStartUp-NSSInstallation - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Uninstall Adobe Download Manager - c:\program files\NOS\bin\getPlus_Helper.dll
MSConfigStartUp-WheelMouse - c:\program files\A4Tech\Mouse\Amoumain.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-03-14 17:43:50
ComboFix-quarantined-files.txt 2010-03-14 16:43
Pre-Run: 53 852 868 608 bytes free
Post-Run: 53 790 564 352 bytes free
- - End Of File - - 28094D8ACCFBF80CB5A8CDD9257F4768
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.3071.1981 [GMT 1:00]
Running from: c:\users\Kobra\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\temp
c:\program files\temp\HideWin.exe
c:\windows\system32\acovcnt.exe
.
((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.
2010-03-14 16:41 . 2010-03-14 16:41 -------- d-----w- c:\users\Kobra\AppData\Local\temp
2010-03-14 16:41 . 2010-03-14 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-14 16:32 . 2010-03-14 16:32 -------- d-----w- C:\32788R22FWJFW
2010-03-14 12:13 . 2010-03-14 12:13 -------- d-----w- c:\program files\Common Files\Java
2010-03-13 23:11 . 2010-03-13 23:11 -------- d-----w- c:\program files\Playlist Creator 3.6.2
2010-03-07 14:43 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-05 00:11 . 2010-03-05 00:11 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-24 08:18 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 08:18 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 08:18 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 08:18 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-20 22:44 . 2010-02-20 22:44 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-02-20 22:44 . 2010-02-20 22:44 -------- d-----w- c:\program files\Hamachi
2010-02-20 20:57 . 2010-02-20 20:57 -------- d-----w- c:\users\Kobra\AppData\Local\Gas Powered Games
2010-02-20 18:19 . 2010-02-20 18:19 -------- d-----w- c:\programdata\CanonIJ
2010-02-20 18:03 . 2010-02-20 18:03 -------- d--h--w- c:\programdata\CanonIJEGV
2010-02-20 17:52 . 2010-02-20 17:52 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2010-02-18 18:53 . 1998-07-30 11:51 305152 ----a-w- c:\windows\IsUninst.exe
2010-02-18 18:46 . 1996-01-09 10:23 283648 ----a-w- c:\windows\uninst.exe
2010-02-17 21:37 . 2010-02-17 21:37 -------- d-----w- c:\users\Kobra\AppData\Local\ASUS
2010-02-17 15:13 . 2010-02-17 15:25 -------- d-----w- c:\program files\ICQ6.5
2010-02-17 13:25 . 2010-02-17 13:25 -------- d-----w- c:\program files\Common Files\EasyInfo
2010-02-17 09:57 . 2010-02-17 09:57 -------- d-----w- c:\program files\Alcohol Soft
2010-02-14 21:36 . 2010-02-14 21:36 -------- d-----w- c:\program files\iPod
2010-02-14 21:36 . 2010-02-14 21:36 -------- d-----w- c:\program files\iTunes
2010-02-14 21:34 . 2010-02-14 21:34 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 16:41 . 2009-09-14 00:06 4808 ----a-w- c:\windows\system32\perfc01B.dat
2010-03-14 16:41 . 2009-09-14 00:06 14046 ----a-w- c:\windows\system32\perfh01B.dat
2010-03-14 16:34 . 2010-01-22 03:05 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-03-14 16:34 . 2009-09-11 14:06 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-03-14 16:33 . 2009-09-11 14:15 -------- d-----w- c:\users\Kobra\AppData\Roaming\ICQ
2010-03-14 12:13 . 2009-09-14 23:39 -------- d-----w- c:\program files\Java
2010-03-14 11:53 . 2009-10-14 22:13 -------- d-----w- c:\programdata\NOS
2010-03-14 00:36 . 2009-09-15 09:19 -------- d-----w- c:\users\Kobra\AppData\Roaming\uTorrent
2010-03-13 23:22 . 2010-01-22 04:02 114312 ----a-w- c:\users\Kobra\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-13 22:50 . 2009-10-14 21:09 117760 ----a-w- c:\users\Kobra\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-13 20:44 . 2009-09-14 22:02 -------- d-----w- c:\program files\CCleaner
2010-03-13 20:17 . 2009-09-18 15:06 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-13 20:16 . 2009-09-18 15:06 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-12 18:38 . 2009-09-19 11:08 -------- d-----w- c:\users\Kobra\AppData\Roaming\Xfire
2010-03-12 15:59 . 2009-12-09 18:09 -------- d-----w- c:\programdata\CanonIJPLM
2010-03-12 15:58 . 2009-08-23 18:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 15:58 . 2009-08-23 19:10 -------- d-----w- c:\program files\ASUS
2010-03-12 15:18 . 2009-09-19 11:08 -------- d-----w- c:\programdata\Xfire
2010-03-11 20:50 . 2009-09-19 11:08 -------- d-----w- c:\program files\Xfire
2010-03-10 21:25 . 2009-08-23 17:48 -------- d-----w- c:\programdata\Microsoft Help
2010-03-10 21:14 . 2009-11-16 18:39 -------- d-----w- c:\program files\FreeRapid-0.83u1
2010-03-09 18:42 . 2009-12-12 11:30 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-07 03:31 . 2009-11-21 18:42 -------- d-----w- c:\users\Kobra\AppData\Roaming\Hamachi
2010-03-06 12:04 . 2009-11-08 13:38 -------- d-----w- c:\users\Kobra\AppData\Roaming\Skype
2010-03-06 11:09 . 2009-11-08 13:39 -------- d-----w- c:\users\Kobra\AppData\Roaming\skypePM
2010-03-03 18:58 . 2009-09-15 09:21 -------- d-----w- c:\program files\uTorrent
2010-03-02 18:23 . 2009-10-14 21:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-24 08:16 . 2009-12-10 22:20 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 18:08 . 2009-12-09 18:09 -------- d-----w- c:\users\Kobra\AppData\Roaming\Canon
2010-02-20 17:51 . 2009-12-09 17:59 -------- d-----w- c:\program files\Canon
2010-02-18 17:05 . 2010-02-10 11:46 -------- d-----w- c:\program files\ICQ7.0
2010-02-17 12:09 . 2009-09-15 18:20 -------- d-----w- c:\program files\TC PowerPack
2010-02-17 12:09 . 2009-11-08 13:37 -------- d-----r- c:\program files\Skype
2010-02-17 12:07 . 2010-01-29 14:28 -------- d-----w- c:\program files\Ray Adams
2010-02-17 12:07 . 2010-01-24 13:46 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-17 12:01 . 2009-11-10 16:39 -------- d-----w- c:\program files\Steam
2010-02-17 11:06 . 2009-09-15 09:13 -------- d-----w- c:\program files\Common Files\Apple
2010-02-17 10:41 . 2009-12-19 23:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-17 10:40 . 2008-08-14 06:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2010-02-17 10:03 . 2010-01-23 19:38 -------- d-----w- c:\program files\EVGA Precision
2010-02-17 09:24 . 2009-09-22 10:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-14 21:36 . 2009-09-15 09:14 -------- d-----w- c:\programdata\Apple Computer
2010-02-10 12:33 . 2010-02-10 11:33 -------- d-----w- c:\programdata\Tablet
2010-02-10 08:01 . 2010-02-10 08:01 -------- dc-h--w- c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2010-02-10 08:00 . 2010-02-10 08:00 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-02-10 08:00 . 2010-02-10 08:00 -------- d-----w- c:\program files\Common Files\Digidesign
2010-02-10 08:00 . 2010-02-10 08:00 -------- d-----w- c:\program files\Native Instruments
2010-02-10 08:00 . 2010-02-10 08:00 -------- d-----w- c:\programdata\Native Instruments
2010-02-10 08:00 . 2010-02-10 08:00 -------- dc-h--w- c:\programdata\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
2010-02-10 08:00 . 2010-02-10 08:00 -------- dc-h--w- c:\programdata\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2010-02-10 07:55 . 2010-02-10 07:55 -------- d-----w- c:\program files\Guitar Pro 5
2010-02-04 18:12 . 2010-02-04 18:12 -------- d-----w- c:\program files\Windows Virtual PC
2010-02-04 18:05 . 2010-02-04 18:02 -------- d-----w- c:\program files\Windows XP Mode
2010-02-04 02:41 . 2010-02-04 00:25 167050587 ----a-w- c:\programdata\Xfire\downloads\WoW-3.3.0.11159-to-3.3.2.11403-enUS-patch.exe
2010-01-30 09:52 . 2010-01-22 03:08 -------- d-----w- c:\programdata\NVIDIA
2010-01-29 18:46 . 2009-11-20 16:58 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-01-29 18:20 . 2009-10-14 21:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-29 16:37 . 2009-11-15 11:41 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-29 15:52 . 2010-01-29 15:52 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-01-26 21:30 . 2010-01-21 20:11 -------- d-----w- c:\users\Kobra\AppData\Roaming\TeamViewer
2010-01-24 14:32 . 2009-09-16 08:19 -------- d-----w- c:\users\Kobra\AppData\Roaming\HLSW
2010-01-24 13:30 . 2009-12-11 21:41 -------- d-----w- c:\program files\Norton Security Scan
2010-01-24 13:30 . 2009-08-23 18:04 -------- d-----w- c:\programdata\Norton
2010-01-23 23:37 . 2009-09-16 18:05 -------- d-----w- c:\users\Kobra\AppData\Roaming\Download Manager
2010-01-22 20:58 . 2009-11-23 14:44 -------- d-----w- c:\program files\ICQ6.521_57_49
2010-01-22 18:11 . 2010-01-22 18:11 62800 ----a-w- c:\users\Kobra\AppData\Roaming\Mozilla\Firefox\Profiles\73mp7gaq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
2010-01-22 14:27 . 2009-12-13 14:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-22 03:41 . 2009-11-20 16:18 21412 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-22 03:22 . 2009-09-25 22:54 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-22 03:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-22 03:20 . 2009-08-23 19:45 -------- d-----w- c:\program files\SRS Labs
2010-01-22 03:20 . 2009-10-16 23:57 -------- d-----w- c:\program files\Sony
2010-01-22 03:20 . 2009-10-17 00:52 -------- d-----w- c:\program files\Sonic Foundry
2010-01-22 03:20 . 2009-09-16 17:37 -------- d-----w- c:\program files\Razer
2010-01-22 03:20 . 2009-10-17 00:53 -------- d-----w- c:\program files\Pixelan
2010-01-22 03:20 . 2009-10-17 00:52 -------- d-----w- c:\program files\Panopticum Lens Pro 3.5 For Vegas
2010-01-22 03:20 . 2009-08-23 19:32 -------- d-----w- c:\program files\P4G
2010-01-22 03:20 . 2009-10-17 00:55 -------- d-----w- c:\program files\NewBlue
2010-01-22 03:20 . 2009-09-15 20:41 -------- d-----w- c:\program files\Nero
2010-01-22 03:19 . 2009-12-12 11:24 -------- d-----w- c:\program files\MSECACHE
2010-01-22 03:19 . 2009-09-11 12:46 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-01-22 03:19 . 2009-09-11 12:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-22 03:19 . 2009-08-23 17:54 -------- d-----w- c:\program files\Microsoft Works
2010-01-22 03:19 . 2009-08-23 17:53 -------- d-----w- c:\program files\Microsoft.NET
2010-01-22 03:19 . 2009-09-13 22:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-22 03:18 . 2009-10-20 16:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 03:18 . 2009-09-11 12:45 -------- d-----w- c:\program files\Microsoft
2010-01-22 03:18 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-01-22 03:18 . 2009-12-19 23:36 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-22 03:18 . 2009-12-10 21:36 -------- d-----w- c:\program files\Lingea
2010-01-22 03:18 . 2009-10-13 12:50 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-01-22 03:17 . 2009-08-23 18:15 -------- d-----w- c:\program files\Intel
2010-01-22 03:16 . 2009-09-16 08:19 -------- d-s---w- c:\program files\HLSW
2010-01-22 03:16 . 2009-09-17 11:47 -------- d-----w- c:\program files\GamePark
2010-01-22 03:16 . 2009-08-23 18:06 -------- d-----w- c:\program files\Google
2010-01-22 03:16 . 2010-01-03 12:28 -------- d-----w- c:\program files\Futuremark
2010-01-22 03:16 . 2009-08-23 19:46 -------- d-----w- c:\program files\Downloaded Installations
2010-01-22 03:16 . 2009-08-23 18:02 -------- d-----w- c:\program files\CyberLink
2010-01-22 03:16 . 2010-01-03 12:20 -------- d-----w- c:\program files\CPUID
2010-01-22 03:16 . 2009-09-11 12:44 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StudentDOG"="c:\program files\Student DOG\StudentDOG.exe" [2009-12-26 2278912]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2007-05-11 176128]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\users\Kobra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-3-5 3233168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2008-10-01 06:02 851968 ----a-w- c:\program files\ASUS\Splendid\ACMON.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-02-17 10:40 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-12-23 09:58 31072 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2009-03-27 16:52 159744 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-10-19 01:12 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2009-07-14 01:14 144384 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2009-04-02 04:05 98304 ----a-w- c:\program files\ASUS\ATK Hotkey\HControlUser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-ADSMTray - c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSConfigStartUp-ASUSGamerOSD - c:\program files\ASUS\GamerOSD\GamerOSD.exe
MSConfigStartUp-CanonSolutionMenu - c:\program files\Canon\SolutionMenu\CNSLMAIN.exe
MSConfigStartUp-NSSInstallation - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Uninstall Adobe Download Manager - c:\program files\NOS\bin\getPlus_Helper.dll
MSConfigStartUp-WheelMouse - c:\program files\A4Tech\Mouse\Amoumain.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-03-14 17:43:50
ComboFix-quarantined-files.txt 2010-03-14 16:43
Pre-Run: 53 852 868 608 bytes free
Post-Run: 53 790 564 352 bytes free
- - End Of File - - 28094D8ACCFBF80CB5A8CDD9257F4768
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
Re: PLS check my log, YouTube videos won't play
Uninstall everything from Norton. If you have the WinAmp Toolbar there, that too.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text marked in green into it:
File::
c:\windows\system32\emptyregdb.dat
c:\users\Kobra\AppData\Roaming\Mozilla\Firefox\Profiles\73mp7gaq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
c:\windows\system32\Adobe\Shockwave 11\nssstub.exe
Folder::
c:\program files\Norton Security Scan
c:\programdata\Norton
c:\program files\Common Files\Symantec Shared
DDS::
uStart Page = hxxp://www.ask.com?o=15187&l=dis
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically; the repair may take longer than 10 minutes. ! Let ComboFix finish its work !
- Post here the log that appears at the end of the cleaning process
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech localization Wise Registry Cleaner
- Kobra.svk
- Level 2
- Posts: 219
- Registered: January 08
- Location: Pezinok
Re: PLS check my log, YouTube videos won't play
ComboFix 10-03-13.03 - Kobra . 03. 2010 18:44:57.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.3071.2257 [GMT 1:00]
Running from: c:\users\Kobra\Desktop\ComboFix.exe
Command switches used :: c:\users\Kobra\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FILE ::
"c:\users\Kobra\AppData\Roaming\Mozilla\Firefox\Profiles\73mp7gaq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll"
"c:\windows\system32\Adobe\Shockwave 11\nssstub.exe"
"c:\windows\system32\emptyregdb.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Symantec Shared
c:\programdata\Norton
c:\programdata\Norton\00000082\000000fb\000002c4\cltLMS1.dat
c:\programdata\Norton\00000082\000000fb\000002c4\cltLMS2.dat
c:\programdata\Norton\00000082\000000fb\cltupgrade.dat
c:\programdata\Norton\symdata.xml
c:\users\Kobra\AppData\Roaming\Mozilla\Firefox\Profiles\73mp7gaq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
c:\windows\system32\acovcnt.exe
c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.
2010-03-14 17:51 . 2010-03-14 17:51 -------- d-----w- c:\users\Kobra\AppData\Local\temp
2010-03-14 17:51 . 2010-03-14 17:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-14 17:51 . 2010-03-14 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-14 17:40 . 2010-03-14 17:41 -------- d-----w- C:\32788R22FWJFW
2010-03-14 12:13 . 2010-03-14 12:13 -------- d-----w- c:\program files\Common Files\Java
2010-03-13 23:11 . 2010-03-13 23:11 -------- d-----w- c:\program files\Playlist Creator 3.6.2
2010-03-07 14:43 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-05 00:11 . 2010-03-05 00:11 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-24 08:18 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 08:18 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 08:18 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 08:18 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-20 22:44 . 2010-02-20 22:44 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-02-20 22:44 . 2010-02-20 22:44 -------- d-----w- c:\program files\Hamachi
2010-02-20 20:57 . 2010-02-20 20:57 -------- d-----w- c:\users\Kobra\AppData\Local\Gas Powered Games
2010-02-20 18:19 . 2010-02-20 18:19 -------- d-----w- c:\programdata\CanonIJ
2010-02-20 18:03 . 2010-02-20 18:03 -------- d--h--w- c:\programdata\CanonIJEGV
2010-02-20 17:52 . 2010-02-20 17:52 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2010-02-18 18:53 . 1998-07-30 11:51 305152 ----a-w- c:\windows\IsUninst.exe
2010-02-18 18:46 . 1996-01-09 10:23 283648 ----a-w- c:\windows\uninst.exe
2010-02-17 21:37 . 2010-02-17 21:37 -------- d-----w- c:\users\Kobra\AppData\Local\ASUS
2010-02-17 15:13 . 2010-02-17 15:25 -------- d-----w- c:\program files\ICQ6.5
2010-02-17 13:25 . 2010-02-17 13:25 -------- d-----w- c:\program files\Common Files\EasyInfo
2010-02-17 09:57 . 2010-02-17 09:57 -------- d-----w- c:\program files\Alcohol Soft
2010-02-14 21:36 . 2010-02-14 21:36 -------- d-----w- c:\program files\iPod
2010-02-14 21:36 . 2010-02-14 21:36 -------- d-----w- c:\program files\iTunes
2010-02-14 21:34 . 2010-02-14 21:34 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 17:50 . 2009-09-14 00:06 4808 ----a-w- c:\windows\system32\perfc01B.dat
2010-03-14 17:50 . 2009-09-14 00:06 14046 ----a-w- c:\windows\system32\perfh01B.dat
2010-03-14 17:42 . 2010-01-22 03:05 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-03-14 17:42 . 2009-09-11 14:06 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-03-14 17:41 . 2009-09-11 14:15 -------- d-----w- c:\users\Kobra\AppData\Roaming\ICQ
2010-03-14 16:44 . 2009-09-19 11:08 -------- d-----w- c:\users\Kobra\AppData\Roaming\Xfire
2010-03-14 12:13 . 2009-09-14 23:39 -------- d-----w- c:\program files\Java
2010-03-14 11:53 . 2009-10-14 22:13 -------- d-----w- c:\programdata\NOS
2010-03-14 00:36 . 2009-09-15 09:19 -------- d-----w- c:\users\Kobra\AppData\Roaming\uTorrent
2010-03-13 23:22 . 2010-01-22 04:02 114312 ----a-w- c:\users\Kobra\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-13 22:50 . 2009-10-14 21:09 117760 ----a-w- c:\users\Kobra\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-13 20:44 . 2009-09-14 22:02 -------- d-----w- c:\program files\CCleaner
2010-03-13 20:17 . 2009-09-18 15:06 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-13 20:16 . 2009-09-18 15:06 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-12 15:59 . 2009-12-09 18:09 -------- d-----w- c:\programdata\CanonIJPLM
2010-03-12 15:58 . 2009-08-23 18:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 15:58 . 2009-08-23 19:10 -------- d-----w- c:\program files\ASUS
2010-03-12 15:18 . 2009-09-19 11:08 -------- d-----w- c:\programdata\Xfire
2010-03-11 20:50 . 2009-09-19 11:08 -------- d-----w- c:\program files\Xfire
2010-03-10 21:25 . 2009-08-23 17:48 -------- d-----w- c:\programdata\Microsoft Help
2010-03-10 21:14 . 2009-11-16 18:39 -------- d-----w- c:\program files\FreeRapid-0.83u1
2010-03-09 18:42 . 2009-12-12 11:30 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-07 03:31 . 2009-11-21 18:42 -------- d-----w- c:\users\Kobra\AppData\Roaming\Hamachi
2010-03-06 12:04 . 2009-11-08 13:38 -------- d-----w- c:\users\Kobra\AppData\Roaming\Skype
2010-03-06 11:09 . 2009-11-08 13:39 -------- d-----w- c:\users\Kobra\AppData\Roaming\skypePM
2010-03-03 18:58 . 2009-09-15 09:21 -------- d-----w- c:\program files\uTorrent
2010-03-02 18:23 . 2009-10-14 21:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-24 08:16 . 2009-12-10 22:20 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 18:08 . 2009-12-09 18:09 -------- d-----w- c:\users\Kobra\AppData\Roaming\Canon
2010-02-20 17:51 . 2009-12-09 17:59 -------- d-----w- c:\program files\Canon
2010-02-18 17:05 . 2010-02-10 11:46 -------- d-----w- c:\program files\ICQ7.0
2010-02-17 12:09 . 2009-09-15 18:20 -------- d-----w- c:\program files\TC PowerPack
2010-02-17 12:09 . 2009-11-08 13:37 -------- d-----r- c:\program files\Skype
2010-02-17 12:07 . 2010-01-29 14:28 -------- d-----w- c:\program files\Ray Adams
2010-02-17 12:07 . 2010-01-24 13:46 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-17 12:01 . 2009-11-10 16:39 -------- d-----w- c:\program files\Steam
2010-02-17 11:06 . 2009-09-15 09:13 -------- d-----w- c:\program files\Common Files\Apple
2010-02-17 10:41 . 2009-12-19 23:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-17 10:40 . 2008-08-14 06:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2010-02-17 10:03 . 2010-01-23 19:38 -------- d-----w- c:\program files\EVGA Precision
2010-02-17 09:24 . 2009-09-22 10:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-14 21:36 . 2009-09-15 09:14 -------- d-----w- c:\programdata\Apple Computer
2010-02-10 12:33 . 2010-02-10 11:33 -------- d-----w- c:\programdata\Tablet
2010-02-10 08:01 . 2010-02-10 08:01 -------- dc-h--w- c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2010-02-10 08:00 . 2010-02-10 08:00 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-02-10 08:00 . 2010-02-10 08:00 -------- d-----w- c:\program files\Common Files\Digidesign
2010-02-10 08:00 . 2010-02-10 08:00 -------- d-----w- c:\program files\Native Instruments
2010-02-10 08:00 . 2010-02-10 08:00 -------- d-----w- c:\programdata\Native Instruments
2010-02-10 08:00 . 2010-02-10 08:00 -------- dc-h--w- c:\programdata\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
2010-02-10 08:00 . 2010-02-10 08:00 -------- dc-h--w- c:\programdata\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2010-02-10 07:55 . 2010-02-10 07:55 -------- d-----w- c:\program files\Guitar Pro 5
2010-02-04 18:12 . 2010-02-04 18:12 -------- d-----w- c:\program files\Windows Virtual PC
2010-02-04 18:05 . 2010-02-04 18:02 -------- d-----w- c:\program files\Windows XP Mode
2010-02-04 02:41 . 2010-02-04 00:25 167050587 ----a-w- c:\programdata\Xfire\downloads\WoW-3.3.0.11159-to-3.3.2.11403-enUS-patch.exe
2010-01-30 09:52 . 2010-01-22 03:08 -------- d-----w- c:\programdata\NVIDIA
2010-01-29 18:46 . 2009-11-20 16:58 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-01-29 18:20 . 2009-10-14 21:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-29 16:37 . 2009-11-15 11:41 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-29 15:52 . 2010-01-29 15:52 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-01-26 21:30 . 2010-01-21 20:11 -------- d-----w- c:\users\Kobra\AppData\Roaming\TeamViewer
2010-01-24 14:32 . 2009-09-16 08:19 -------- d-----w- c:\users\Kobra\AppData\Roaming\HLSW
2010-01-23 23:37 . 2009-09-16 18:05 -------- d-----w- c:\users\Kobra\AppData\Roaming\Download Manager
2010-01-22 20:58 . 2009-11-23 14:44 -------- d-----w- c:\program files\ICQ6.521_57_49
2010-01-22 03:22 . 2009-09-25 22:54 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-22 03:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-22 03:21 . 2009-09-15 09:26 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2010-01-22 03:21 . 2009-09-11 12:45 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-22 03:21 . 2009-09-11 12:45 -------- d-----w- c:\program files\Windows Live
2010-01-22 03:21 . 2009-12-12 11:25 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-01-22 03:21 . 2009-09-15 09:05 -------- d-----w- c:\program files\Winamp
2010-01-22 03:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-01-22 03:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-01-22 03:21 . 2009-10-18 17:59 -------- d-----w- c:\program files\Trend Micro
2010-01-22 03:21 . 2009-08-23 19:16 -------- d-----w- c:\program files\WIDCOMM
2010-01-22 03:21 . 2009-09-15 09:16 -------- d-----w- c:\program files\The KMPlayer
2010-01-22 03:21 . 2010-01-21 20:10 -------- d-----w- c:\program files\TeamViewer
2010-01-22 03:21 . 2010-01-05 12:39 -------- d-----w- c:\program files\Student DOG
2010-01-22 03:20 . 2009-08-23 19:45 -------- d-----w- c:\program files\SRS Labs
2010-01-22 03:20 . 2009-10-16 23:57 -------- d-----w- c:\program files\Sony
2010-01-22 03:20 . 2009-10-17 00:52 -------- d-----w- c:\program files\Sonic Foundry
2010-01-22 03:20 . 2009-09-16 17:37 -------- d-----w- c:\program files\Razer
2010-01-22 03:20 . 2009-10-17 00:53 -------- d-----w- c:\program files\Pixelan
2010-01-22 03:20 . 2009-10-17 00:52 -------- d-----w- c:\program files\Panopticum Lens Pro 3.5 For Vegas
2010-01-22 03:20 . 2009-08-23 19:32 -------- d-----w- c:\program files\P4G
2010-01-22 03:20 . 2009-10-17 00:55 -------- d-----w- c:\program files\NewBlue
2010-01-22 03:20 . 2009-09-15 20:41 -------- d-----w- c:\program files\Nero
2010-01-22 03:19 . 2009-12-12 11:24 -------- d-----w- c:\program files\MSECACHE
2010-01-22 03:19 . 2009-09-11 12:46 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-01-22 03:19 . 2009-09-11 12:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-22 03:19 . 2009-08-23 17:54 -------- d-----w- c:\program files\Microsoft Works
2010-01-22 03:19 . 2009-08-23 17:53 -------- d-----w- c:\program files\Microsoft.NET
2010-01-22 03:19 . 2009-09-13 22:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-22 03:18 . 2009-10-20 16:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 03:18 . 2009-09-11 12:45 -------- d-----w- c:\program files\Microsoft
2010-01-22 03:18 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-01-22 03:18 . 2009-12-19 23:36 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-22 03:18 . 2009-12-10 21:36 -------- d-----w- c:\program files\Lingea
2010-01-22 03:18 . 2009-10-13 12:50 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-01-22 03:17 . 2009-08-23 18:15 -------- d-----w- c:\program files\Intel
2010-01-22 03:16 . 2009-09-16 08:19 -------- d-s---w- c:\program files\HLSW
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-03-14_16.41.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-22 12:02 . 2010-03-14 17:44 39286 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-03-14 17:44 45052 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-22 03:07 . 2010-03-14 17:42 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-22 03:07 . 2010-03-14 16:34 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-22 03:07 . 2010-03-14 17:42 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-22 03:07 . 2010-03-14 16:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-03-14 17:42 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-03-14 16:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-22 03:44 . 2010-03-14 14:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-22 03:44 . 2010-03-14 17:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-22 03:44 . 2010-03-14 16:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-22 03:44 . 2010-03-14 17:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-22 03:44 . 2010-03-14 14:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-22 03:44 . 2010-03-14 17:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-22 12:02 . 2010-03-14 17:44 7622 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1659499902-571405069-1291439205-1000_UserData.bin
- 2010-01-22 03:37 . 2010-03-14 16:33 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-01-22 03:37 . 2010-03-14 17:41 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-03-14 17:42 . 2010-03-14 17:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-03-14 16:33 . 2010-03-14 16:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-03-14 16:33 . 2010-03-14 16:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-14 17:42 . 2010-03-14 17:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2010-03-14 16:41 607728 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-03-14 17:50 607728 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-03-14 16:41 104106 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-03-14 17:50 104106 c:\windows\System32\perfc009.dat
- 2009-07-14 02:03 . 2010-03-14 13:35 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-03-14 17:34 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StudentDOG"="c:\program files\Student DOG\StudentDOG.exe" [2009-12-26 2278912]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2007-05-11 176128]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
c:\users\Kobra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-3-5 3233168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2008-10-01 06:02 851968 ----a-w- c:\program files\ASUS\Splendid\ACMON.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-02-17 10:40 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-12-23 09:58 31072 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2009-03-27 16:52 159744 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-10-19 01:12 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2009-07-14 01:14 144384 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2009-04-02 04:05 98304 ----a-w- c:\program files\ASUS\ATK Hotkey\HControlUser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacrokeyManager]
2009-01-13 10:10 3161760 ----a-w- c:\windows\System32\WTMKM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 15:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-11-20 19:33 12685928 ----a-w- c:\windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2008-08-18 07:58 106496 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-01-19 18:10 8452640 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-04-07 10:30 1833504 ------w- c:\program files\Realtek\Audio\HDA\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Premium Sound]
2009-04-07 17:02 3405048 ----a-w- c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-10 16:40 1217808 ----a-w- c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-03-02 18:23 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2009-05-20 05:16 222504 ----a-w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-12-04 05:15 218408 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 07:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-17 691696]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe [2009-02-05 388768]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-02 12872]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-02 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-03-02 66632]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]
S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-04-07 70880]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-11 64544]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
--- Other Services/Drivers In Memory ---
*Deregistered* - ISODisk
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\users\Kobra\AppData\Roaming\Mozilla\Firefox\Profiles\73mp7gaq.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-03-14 18:53:04
ComboFix-quarantined-files.txt 2010-03-14 17:53
ComboFix2.txt 2010-03-14 16:43
Pre-Run: 53 660 020 736 bytes free
Post-Run: 53 592 612 864 bytes free
- - End Of File - - 102EEE8DD8D471DAD375147AFD868849
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.3071.2257 [GMT 1:00]
Running from: c:\users\Kobra\Desktop\ComboFix.exe
Command switches used :: c:\users\Kobra\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FILE ::
"c:\users\Kobra\AppData\Roaming\Mozilla\Firefox\Profiles\73mp7gaq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll"
"c:\windows\system32\Adobe\Shockwave 11\nssstub.exe"
"c:\windows\system32\emptyregdb.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Symantec Shared
c:\programdata\Norton
c:\programdata\Norton\00000082\000000fb\000002c4\cltLMS1.dat
c:\programdata\Norton\00000082\000000fb\000002c4\cltLMS2.dat
c:\programdata\Norton\00000082\000000fb\cltupgrade.dat
c:\programdata\Norton\symdata.xml
c:\users\Kobra\AppData\Roaming\Mozilla\Firefox\Profiles\73mp7gaq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
c:\windows\system32\acovcnt.exe
c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.
2010-03-14 17:51 . 2010-03-14 17:51 -------- d-----w- c:\users\Kobra\AppData\Local\temp
2010-03-14 17:51 . 2010-03-14 17:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-14 17:51 . 2010-03-14 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-14 17:40 . 2010-03-14 17:41 -------- d-----w- C:\32788R22FWJFW
2010-03-14 12:13 . 2010-03-14 12:13 -------- d-----w- c:\program files\Common Files\Java
2010-03-13 23:11 . 2010-03-13 23:11 -------- d-----w- c:\program files\Playlist Creator 3.6.2
2010-03-07 14:43 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-05 00:11 . 2010-03-05 00:11 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-24 08:18 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 08:18 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 08:18 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 08:18 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-20 22:44 . 2010-02-20 22:44 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-02-20 22:44 . 2010-02-20 22:44 -------- d-----w- c:\program files\Hamachi
2010-02-20 20:57 . 2010-02-20 20:57 -------- d-----w- c:\users\Kobra\AppData\Local\Gas Powered Games
2010-02-20 18:19 . 2010-02-20 18:19 -------- d-----w- c:\programdata\CanonIJ
2010-02-20 18:03 . 2010-02-20 18:03 -------- d--h--w- c:\programdata\CanonIJEGV
2010-02-20 17:52 . 2010-02-20 17:52 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2010-02-18 18:53 . 1998-07-30 11:51 305152 ----a-w- c:\windows\IsUninst.exe
2010-02-18 18:46 . 1996-01-09 10:23 283648 ----a-w- c:\windows\uninst.exe
2010-02-17 21:37 . 2010-02-17 21:37 -------- d-----w- c:\users\Kobra\AppData\Local\ASUS
2010-02-17 15:13 . 2010-02-17 15:25 -------- d-----w- c:\program files\ICQ6.5
2010-02-17 13:25 . 2010-02-17 13:25 -------- d-----w- c:\program files\Common Files\EasyInfo
2010-02-17 09:57 . 2010-02-17 09:57 -------- d-----w- c:\program files\Alcohol Soft
2010-02-14 21:36 . 2010-02-14 21:36 -------- d-----w- c:\program files\iPod
2010-02-14 21:36 . 2010-02-14 21:36 -------- d-----w- c:\program files\iTunes
2010-02-14 21:34 . 2010-02-14 21:34 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 17:50 . 2009-09-14 00:06 4808 ----a-w- c:\windows\system32\perfc01B.dat
2010-03-14 17:50 . 2009-09-14 00:06 14046 ----a-w- c:\windows\system32\perfh01B.dat
2010-03-14 17:42 . 2010-01-22 03:05 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-03-14 17:42 . 2009-09-11 14:06 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-03-14 17:41 . 2009-09-11 14:15 -------- d-----w- c:\users\Kobra\AppData\Roaming\ICQ
2010-03-14 16:44 . 2009-09-19 11:08 -------- d-----w- c:\users\Kobra\AppData\Roaming\Xfire
2010-03-14 12:13 . 2009-09-14 23:39 -------- d-----w- c:\program files\Java
2010-03-14 11:53 . 2009-10-14 22:13 -------- d-----w- c:\programdata\NOS
2010-03-14 00:36 . 2009-09-15 09:19 -------- d-----w- c:\users\Kobra\AppData\Roaming\uTorrent
2010-03-13 23:22 . 2010-01-22 04:02 114312 ----a-w- c:\users\Kobra\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-13 22:50 . 2009-10-14 21:09 117760 ----a-w- c:\users\Kobra\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-13 20:44 . 2009-09-14 22:02 -------- d-----w- c:\program files\CCleaner
2010-03-13 20:17 . 2009-09-18 15:06 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-13 20:16 . 2009-09-18 15:06 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-12 15:59 . 2009-12-09 18:09 -------- d-----w- c:\programdata\CanonIJPLM
2010-03-12 15:58 . 2009-08-23 18:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-12 15:58 . 2009-08-23 19:10 -------- d-----w- c:\program files\ASUS
2010-03-12 15:18 . 2009-09-19 11:08 -------- d-----w- c:\programdata\Xfire
2010-03-11 20:50 . 2009-09-19 11:08 -------- d-----w- c:\program files\Xfire
2010-03-10 21:25 . 2009-08-23 17:48 -------- d-----w- c:\programdata\Microsoft Help
2010-03-10 21:14 . 2009-11-16 18:39 -------- d-----w- c:\program files\FreeRapid-0.83u1
2010-03-09 18:42 . 2009-12-12 11:30 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-07 03:31 . 2009-11-21 18:42 -------- d-----w- c:\users\Kobra\AppData\Roaming\Hamachi
2010-03-06 12:04 . 2009-11-08 13:38 -------- d-----w- c:\users\Kobra\AppData\Roaming\Skype
2010-03-06 11:09 . 2009-11-08 13:39 -------- d-----w- c:\users\Kobra\AppData\Roaming\skypePM
2010-03-03 18:58 . 2009-09-15 09:21 -------- d-----w- c:\program files\uTorrent
2010-03-02 18:23 . 2009-10-14 21:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-24 08:16 . 2009-12-10 22:20 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 18:08 . 2009-12-09 18:09 -------- d-----w- c:\users\Kobra\AppData\Roaming\Canon
2010-02-20 17:51 . 2009-12-09 17:59 -------- d-----w- c:\program files\Canon
2010-02-18 17:05 . 2010-02-10 11:46 -------- d-----w- c:\program files\ICQ7.0
2010-02-17 12:09 . 2009-09-15 18:20 -------- d-----w- c:\program files\TC PowerPack
2010-02-17 12:09 . 2009-11-08 13:37 -------- d-----r- c:\program files\Skype
2010-02-17 12:07 . 2010-01-29 14:28 -------- d-----w- c:\program files\Ray Adams
2010-02-17 12:07 . 2010-01-24 13:46 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-17 12:01 . 2009-11-10 16:39 -------- d-----w- c:\program files\Steam
2010-02-17 11:06 . 2009-09-15 09:13 -------- d-----w- c:\program files\Common Files\Apple
2010-02-17 10:41 . 2009-12-19 23:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-17 10:40 . 2008-08-14 06:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2010-02-17 10:03 . 2010-01-23 19:38 -------- d-----w- c:\program files\EVGA Precision
2010-02-17 09:24 . 2009-09-22 10:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-14 21:36 . 2009-09-15 09:14 -------- d-----w- c:\programdata\Apple Computer
2010-02-10 12:33 . 2010-02-10 11:33 -------- d-----w- c:\programdata\Tablet
2010-02-10 08:01 . 2010-02-10 08:01 -------- dc-h--w- c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573}
2010-02-10 08:00 . 2010-02-10 08:00 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-02-10 08:00 . 2010-02-10 08:00 -------- d-----w- c:\program files\Common Files\Digidesign
2010-02-10 08:00 . 2010-02-10 08:00 -------- d-----w- c:\program files\Native Instruments
2010-02-10 08:00 . 2010-02-10 08:00 -------- d-----w- c:\programdata\Native Instruments
2010-02-10 08:00 . 2010-02-10 08:00 -------- dc-h--w- c:\programdata\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
2010-02-10 08:00 . 2010-02-10 08:00 -------- dc-h--w- c:\programdata\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2010-02-10 07:55 . 2010-02-10 07:55 -------- d-----w- c:\program files\Guitar Pro 5
2010-02-04 18:12 . 2010-02-04 18:12 -------- d-----w- c:\program files\Windows Virtual PC
2010-02-04 18:05 . 2010-02-04 18:02 -------- d-----w- c:\program files\Windows XP Mode
2010-02-04 02:41 . 2010-02-04 00:25 167050587 ----a-w- c:\programdata\Xfire\downloads\WoW-3.3.0.11159-to-3.3.2.11403-enUS-patch.exe
2010-01-30 09:52 . 2010-01-22 03:08 -------- d-----w- c:\programdata\NVIDIA
2010-01-29 18:46 . 2009-11-20 16:58 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-01-29 18:20 . 2009-10-14 21:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-29 16:37 . 2009-11-15 11:41 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-29 15:52 . 2010-01-29 15:52 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-01-26 21:30 . 2010-01-21 20:11 -------- d-----w- c:\users\Kobra\AppData\Roaming\TeamViewer
2010-01-24 14:32 . 2009-09-16 08:19 -------- d-----w- c:\users\Kobra\AppData\Roaming\HLSW
2010-01-23 23:37 . 2009-09-16 18:05 -------- d-----w- c:\users\Kobra\AppData\Roaming\Download Manager
2010-01-22 20:58 . 2009-11-23 14:44 -------- d-----w- c:\program files\ICQ6.521_57_49
2010-01-22 03:22 . 2009-09-25 22:54 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-22 03:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-22 03:21 . 2009-09-15 09:26 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2010-01-22 03:21 . 2009-09-11 12:45 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-22 03:21 . 2009-09-11 12:45 -------- d-----w- c:\program files\Windows Live
2010-01-22 03:21 . 2009-12-12 11:25 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-01-22 03:21 . 2009-09-15 09:05 -------- d-----w- c:\program files\Winamp
2010-01-22 03:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-01-22 03:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-01-22 03:21 . 2009-10-18 17:59 -------- d-----w- c:\program files\Trend Micro
2010-01-22 03:21 . 2009-08-23 19:16 -------- d-----w- c:\program files\WIDCOMM
2010-01-22 03:21 . 2009-09-15 09:16 -------- d-----w- c:\program files\The KMPlayer
2010-01-22 03:21 . 2010-01-21 20:10 -------- d-----w- c:\program files\TeamViewer
2010-01-22 03:21 . 2010-01-05 12:39 -------- d-----w- c:\program files\Student DOG
2010-01-22 03:20 . 2009-08-23 19:45 -------- d-----w- c:\program files\SRS Labs
2010-01-22 03:20 . 2009-10-16 23:57 -------- d-----w- c:\program files\Sony
2010-01-22 03:20 . 2009-10-17 00:52 -------- d-----w- c:\program files\Sonic Foundry
2010-01-22 03:20 . 2009-09-16 17:37 -------- d-----w- c:\program files\Razer
2010-01-22 03:20 . 2009-10-17 00:53 -------- d-----w- c:\program files\Pixelan
2010-01-22 03:20 . 2009-10-17 00:52 -------- d-----w- c:\program files\Panopticum Lens Pro 3.5 For Vegas
2010-01-22 03:20 . 2009-08-23 19:32 -------- d-----w- c:\program files\P4G
2010-01-22 03:20 . 2009-10-17 00:55 -------- d-----w- c:\program files\NewBlue
2010-01-22 03:20 . 2009-09-15 20:41 -------- d-----w- c:\program files\Nero
2010-01-22 03:19 . 2009-12-12 11:24 -------- d-----w- c:\program files\MSECACHE
2010-01-22 03:19 . 2009-09-11 12:46 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-01-22 03:19 . 2009-09-11 12:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-22 03:19 . 2009-08-23 17:54 -------- d-----w- c:\program files\Microsoft Works
2010-01-22 03:19 . 2009-08-23 17:53 -------- d-----w- c:\program files\Microsoft.NET
2010-01-22 03:19 . 2009-09-13 22:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-22 03:18 . 2009-10-20 16:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 03:18 . 2009-09-11 12:45 -------- d-----w- c:\program files\Microsoft
2010-01-22 03:18 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-01-22 03:18 . 2009-12-19 23:36 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-22 03:18 . 2009-12-10 21:36 -------- d-----w- c:\program files\Lingea
2010-01-22 03:18 . 2009-10-13 12:50 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-01-22 03:17 . 2009-08-23 18:15 -------- d-----w- c:\program files\Intel
2010-01-22 03:16 . 2009-09-16 08:19 -------- d-s---w- c:\program files\HLSW
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-03-14_16.41.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-22 12:02 . 2010-03-14 17:44 39286 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-03-14 17:44 45052 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-22 03:07 . 2010-03-14 17:42 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-22 03:07 . 2010-03-14 16:34 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-22 03:07 . 2010-03-14 17:42 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-22 03:07 . 2010-03-14 16:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-03-14 17:42 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-03-14 16:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-22 03:44 . 2010-03-14 14:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-22 03:44 . 2010-03-14 17:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-22 03:44 . 2010-03-14 16:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-22 03:44 . 2010-03-14 17:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-22 03:44 . 2010-03-14 14:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-22 03:44 . 2010-03-14 17:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-22 12:02 . 2010-03-14 17:44 7622 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1659499902-571405069-1291439205-1000_UserData.bin
- 2010-01-22 03:37 . 2010-03-14 16:33 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-01-22 03:37 . 2010-03-14 17:41 3279 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-03-14 17:42 . 2010-03-14 17:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-03-14 16:33 . 2010-03-14 16:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-03-14 16:33 . 2010-03-14 16:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-14 17:42 . 2010-03-14 17:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2010-03-14 16:41 607728 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-03-14 17:50 607728 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-03-14 16:41 104106 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-03-14 17:50 104106 c:\windows\System32\perfc009.dat
- 2009-07-14 02:03 . 2010-03-14 13:35 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-03-14 17:34 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StudentDOG"="c:\program files\Student DOG\StudentDOG.exe" [2009-12-26 2278912]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"Habu"="c:\program files\Razer\Habu\razerhid.exe" [2007-05-11 176128]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
c:\users\Kobra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-3-5 3233168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
2008-10-01 06:02 851968 ----a-w- c:\program files\ASUS\Splendid\ACMON.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2010-02-17 10:40 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-12-23 09:58 31072 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2009-03-27 16:52 159744 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-10-19 01:12 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2009-07-14 01:14 144384 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2009-04-02 04:05 98304 ----a-w- c:\program files\ASUS\ATK Hotkey\HControlUser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacrokeyManager]
2009-01-13 10:10 3161760 ----a-w- c:\windows\System32\WTMKM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 15:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-11-20 19:33 12685928 ----a-w- c:\windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2008-08-18 07:58 106496 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-01-19 18:10 8452640 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-04-07 10:30 1833504 ------w- c:\program files\Realtek\Audio\HDA\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Premium Sound]
2009-04-07 17:02 3405048 ----a-w- c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-10 16:40 1217808 ----a-w- c:\program files\Steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-03-02 18:23 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2009-05-20 05:16 222504 ----a-w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-12-04 05:15 218408 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 07:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-17 691696]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe [2009-02-05 388768]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-02 12872]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-02 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-03-02 66632]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]
S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-04-07 70880]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-05-11 64544]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
--- Other Services/Drivers In Memory ---
*Deregistered* - ISODisk
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=ASUS
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\users\Kobra\AppData\Roaming\Mozilla\Firefox\Profiles\73mp7gaq.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-03-14 18:53:04
ComboFix-quarantined-files.txt 2010-03-14 17:53
ComboFix2.txt 2010-03-14 16:43
Pre-Run: 53 660 020 736 bytes free
Post-Run: 53 592 612 864 bytes free
- - End Of File - - 102EEE8DD8D471DAD375147AFD868849
- Damned
Re: PLS check, YouTube videos won't play
Turn off your restore points and after a while turn them back on.
Start - Run - type: notepad and click OK. Paste this entire (pale green) text into it:
Code:
dir \acovcnt.exe /a h /s > File.txt
Save it to the Desktop under the name: find.bat (file type - all files)
Find it on the Desktop, double-click it and wait until the window closes and soubor.txt appears.
Then paste the entire text from that file here.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech translations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech translation, Wise Registry Cleaner
- Kobra.svk
Re: PLS check, YouTube videos won't play
Volume in drive C is Programy
Volume Serial Number is FEBC-EA32
Directory of C:\Windows\System32
14. 03. 2010 18:54 45˙056 acovcnt.exe
1 File(s) 45˙056 bytes
- Damned
Re: PLS check, YouTube videos won't play
1. Turn off your restore points.
2. Delete the file: C:\Windows\System32\acovcnt.exe
3. Empty the Recycle Bin.
4. Turn your restore points back on.
5. Run find.bat again and paste the log here for me.
- Kobra.svk
Re: PLS check, YouTube videos won't play
Volume in drive C is Programy
Volume Serial Number is FEBC-EA32
- Damned
Re: PLS check, YouTube videos won't play
Uninstall ComboFix (required).
ComboFix is uninstalled like this:
Start - Run and enter Combofix[space]/uninstall
Download T-Cleaner (required - it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download it -> run it)
(Note: if you have AVG or Avira, deactivate AVG and Avira (including the resident shields) before downloading T-Cleaner and for the duration of the cleaning, then delete T-Cleaner and turn AVG, Avira back on.)
*****************************************************************************************************************************************
Download OTL to the Desktop.
Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Check LOP Check and Purity Check. Change File age to 14 days. Leave all other settings as they are. Click Run Scan. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.