Pomalý notebook

Zpráva

Karpi · #1 Příspěvek od **Karpi** » 09 zář 2011 15:27

Dobrý den, prosím o pomoc s mým notebookem, který se chová nestandartně. Je podezřele pomalý a při pokusu o scan Combofixem v normálním režimu CF hrozně dlouho přemýšlí a před scanem 50-ti fází se ukončí. Při nouzovém režimu většinou vždy něco najde a smaže (viz níže poslední log). Ještě Vám posílám log z RSIT po následném restartu do normálního režimu. Děkuji.

A zde nejprve log z CF při nouzovém režimu:

ComboFix 11-09-09.03 - Pavel 09.09.2011 14:27:20.9.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2909.2395 [GMT 2:00]
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Outdated* {50909708-FF80-02AF-F814-B28405891E92}
FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\host32.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-09 do 2011-09-09 )))))))))))))))))))))))))))))))
.
.
2011-09-09 12:33 . 2011-09-09 12:33 -------- d-----w- c:\users\Pavel\AppData\Local\temp
2011-09-09 12:33 . 2011-09-09 12:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-09-09 12:33 . 2011-09-09 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-09 11:22 . 2011-08-16 06:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5562C0BB-DC1B-435A-8E82-548F207EE832}\mpengine.dll
2011-09-09 09:38 . 2011-09-09 09:38 -------- d-----w- c:\program files\Application Updater
2011-09-09 09:38 . 2011-09-09 09:38 -------- d-----w- c:\program files\pdfforge Toolbar
2011-09-05 00:50 . 2011-09-05 00:50 -------- d-----w- C:\Driver Genius Professional Edition v10.0.0.761 Full
2011-08-31 16:15 . 2011-08-31 16:15 -------- d-----w- c:\users\Pavel\dwhelper
2011-08-31 16:02 . 2011-08-30 19:40 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-31 16:02 . 2011-08-30 19:40 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-23 20:51 . 2011-08-23 20:51 -------- d-----w- c:\program files\Xmarks
2011-08-23 20:42 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 08:04 . 2011-09-01 11:19 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-08-23 08:04 . 2011-09-01 11:18 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-12 22:14 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-12 22:14 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-12 22:14 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 11:29 . 2011-01-17 10:00 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-22 14:50 . 2011-06-11 23:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-16 04:27 . 2011-08-10 08:50 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 08:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 08:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 08:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 08:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-06-26 11:22 . 2011-06-26 11:22 306320 ----a-w- c:\windows\system32\drivers\trufos.sys
2011-06-26 10:58 . 2011-06-26 10:20 531453 ----a-w- c:\programdata\bdinstall.bin
2011-06-24 04:27 . 2011-08-10 08:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22 . 2011-08-10 08:50 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-22 13:23 . 2011-05-17 10:16 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-06-21 05:34 . 2011-08-10 08:56 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 08:55 . 2011-08-10 08:44 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-06-15 08:55 . 2011-08-10 08:44 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-06-15 08:55 . 2011-08-10 08:44 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-06-15 08:55 . 2011-08-10 08:44 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-06-15 08:55 . 2011-08-10 08:44 122880 ----a-w- c:\windows\system32\odbccp32.dll
2010-07-08 08:37 . 2010-07-08 08:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2011-09-08 14:27 . 2011-03-24 19:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-08_18.52.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-22 18:58 . 2011-09-09 09:33 48540 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2010-11-22 18:58 . 2011-09-08 14:03 48540 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2011-09-08 14:03 45796 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-09-08 18:57 45796 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-22 18:40 . 2011-09-08 18:57 12146 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3428016309-3300944329-2546531116-1001_UserData.bin
+ 2010-11-22 18:30 . 2011-09-09 09:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-22 18:30 . 2011-09-08 14:02 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-22 18:30 . 2011-09-09 09:31 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-22 18:30 . 2011-09-08 14:02 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2011-09-09 09:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2011-09-08 14:02 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-09 09:38 . 2011-09-09 09:38 53248 c:\windows\Installer\{E6098043-1183-4580-89EF-423CBF807188}\ARPPRODUCTICON.exe
- 2011-09-08 18:43 . 2011-09-08 18:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-09 12:15 . 2011-09-09 12:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-09 12:15 . 2011-09-09 12:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-08 18:43 . 2011-09-08 18:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:47 . 2011-09-08 18:42 390376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2011-09-09 12:13 390376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-09 09:37 . 2011-09-09 09:37 2479616 c:\windows\Installer\5dca6.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Pavel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Pavel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Pavel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Xmarks"="c:\program files\Xmarks\IE Extension\xmarkssync.exe" [2011-08-19 1121832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-04-10 417792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 151064]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2009-08-03 832856]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-16 1996072]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-06-26 92352]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-06-26 1451928]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-08-17 534880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90120000-0030-0000-0000-0000000FF1CE}"="del" [X]
.
c:\users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Pavel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2009-8-6 439648]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"TaskTray"=
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-12 691696]
R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 72784]
R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 88144]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-08-17 402328]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-09-01 1526080]
R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-06-26 43936]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
R3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2010-11-29 535824]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2010-11-29 1066232]
R3 bdfm;bdfm;c:\windows\system32\DRIVERS\bdfm.sys [2010-05-13 152528]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-26 294952]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\18CD.tmp [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NETwNs32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-01-19 7087616]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-30 307544]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-22 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2011-05-26 317728]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-03-04 48600]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\gp3k3isv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\18CD.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DEVICE2"="vrfIyq7KygA="
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1289332796\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"1\" />"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000002e
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-09-09 14:34:56
ComboFix-quarantined-files.txt 2011-09-09 12:34
ComboFix2.txt 2011-09-09 09:30
ComboFix3.txt 2011-09-08 20:49
ComboFix4.txt 2011-09-08 18:53
ComboFix5.txt 2011-09-09 11:32
.
Před spuštěním: Volných bajtů: 214 372 134 912
Po spuštění: Volných bajtů: 214 296 682 496
.
- - End Of File - - 9B16E5720CE48B29712CE742A4915BBA

Karpi · #2 Příspěvek od **Karpi** » 09 zář 2011 15:28

A zde log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavel at 2011-09-09 14:57:31
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 204 GB (67%) free of 305 GB
Total RAM: 2909 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:58:08, on 9.9.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Pavel\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Users\Pavel\Desktop\RSIT.exe
C:\Program Files\trend micro\Pavel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bitdefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q
O4 - HKUS\S-1-5-18\..\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'Default user')
O4 - Startup: Dropbox.lnk = Pavel\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - C:\Users\Pavel\AppData\Local\Temp\f5tmp\cachecleaner.cab
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - C:\Users\Pavel\AppData\Local\Temp\f5tmp\f5tunsrv.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\Users\Pavel\AppData\Local\Temp\f5tmp\InstallerControl.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - C:\Users\Pavel\AppData\Local\Temp\f5tmp\urxshost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - C:\Users\Pavel\AppData\Local\Temp\f5tmp\urxhost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O2Micro Flash Memory Card Service (O2FLASH) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10927 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\gp3k3isv.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, foxmarks@kei.com:3.9.5, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {3191E4CE-790E-42be-B2E0-223475263B7E}:6031.2010.0617.2002, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178, pdfforge@mybrowserbar.com:4.3, wtxpcom@mybrowserbar.com:4.3, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {DBBB3167-6E81-400f-BBFD-BD8921726F52}:6031.2010.0617.2004, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =827316&p="

"FFToolbar@bitdefender.com"=C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
NPuroamHost.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\gp3k3isv.default\extensions\
foxmarks@kei.com
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\gp3k3isv.default\searchplugins\
bing.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-21 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4F90-B10D-FC6124A40F8C} - Bitdefender Toolbar - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll [2011-06-26 161368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2009-04-10 417792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-08-06 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-08-06 174104]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-08-06 151064]
"HDMICtrlMan"=C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [2009-08-03 832856]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-04-20 58656]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-12-16 1996072]
"HTC Sync Loader"=C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-01-27 585728]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe [2011-06-26 92352]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe [2011-06-26 1451928]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-07-19 421736]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2009-07-22 83336]
"SearchSettings"=C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-08-17 534880]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Xmarks"=C:\Program Files\Xmarks\IE Extension\xmarkssync.exe [2011-08-19 1121832]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Pavel\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-07-21 216576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-06-07 203776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avas_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avss_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpavdrw_service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpmgma_service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-09-09 14:57:33 ----D---- C:\Program Files\trend micro
2011-09-09 14:57:31 ----D---- C:\rsit
2011-09-09 14:34:59 ----SHD---- C:\$RECYCLE.BIN
2011-09-09 14:34:58 ----D---- C:\Windows\temp
2011-09-09 14:34:57 ----A---- C:\ComboFix.txt
2011-09-09 11:38:16 ----D---- C:\Program Files\pdfforge Toolbar
2011-09-09 11:38:16 ----D---- C:\Program Files\Application Updater
2011-09-08 20:43:35 ----A---- C:\Windows\ntbtlog.txt
2011-09-05 02:50:34 ----D---- C:\Driver Genius Professional Edition v10.0.0.761 Full
2011-08-23 22:51:59 ----D---- C:\Program Files\Xmarks
2011-08-23 22:42:03 ----A---- C:\Windows\system32\tzres.dll
2011-08-23 10:04:16 ----A---- C:\Windows\system32\uxtuneup.dll
2011-08-23 10:04:16 ----A---- C:\Windows\system32\authuitu.dll
2011-08-13 11:40:53 ----A---- C:\Windows\system32\mshtmled.dll
2011-08-13 11:40:53 ----A---- C:\Windows\system32\iertutil.dll
2011-08-13 11:40:52 ----A---- C:\Windows\system32\jscript.dll
2011-08-13 11:40:52 ----A---- C:\Windows\system32\ieui.dll
2011-08-13 11:40:51 ----A---- C:\Windows\system32\wininet.dll
2011-08-13 11:40:51 ----A---- C:\Windows\system32\jsproxy.dll
2011-08-13 11:40:51 ----A---- C:\Windows\system32\jscript9.dll
2011-08-13 11:40:50 ----A---- C:\Windows\system32\urlmon.dll
2011-08-13 11:40:50 ----A---- C:\Windows\system32\url.dll
2011-08-13 11:40:50 ----A---- C:\Windows\system32\ieframe.dll
2011-08-13 11:40:49 ----A---- C:\Windows\system32\mshtml.dll
2011-08-13 00:14:43 ----A---- C:\Windows\system32\xmllite.dll
2011-08-13 00:14:41 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-08-13 00:14:40 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-08-13 00:14:35 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-08-10 10:56:23 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-08-10 10:50:45 ----A---- C:\Windows\system32\kernel32.dll
2011-08-10 10:50:44 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 10:50:44 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 10:50:44 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-10 10:50:44 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 10:50:44 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 10:50:44 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 10:50:44 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 10:50:44 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 10:50:44 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 10:50:44 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-10 10:50:44 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 10:50:44 ----A---- C:\Windows\system32\winsrv.dll
2011-08-10 10:50:44 ----A---- C:\Windows\system32\KernelBase.dll
2011-08-10 10:50:44 ----A---- C:\Windows\system32\conhost.exe
2011-08-10 10:50:43 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 10:50:43 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 10:50:43 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 10:50:43 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-10 10:50:43 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 10:50:43 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 10:50:43 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 10:50:43 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 10:50:43 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 10:50:43 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 10:50:43 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 10:50:42 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-10 10:50:42 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 10:50:42 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-10 10:50:42 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 10:50:42 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 10:50:42 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-10 10:44:34 ----A---- C:\Windows\system32\odbctrac.dll
2011-08-10 10:44:34 ----A---- C:\Windows\system32\odbcjt32.dll
2011-08-10 10:44:34 ----A---- C:\Windows\system32\odbccu32.dll
2011-08-10 10:44:34 ----A---- C:\Windows\system32\odbccr32.dll
2011-08-10 10:44:34 ----A---- C:\Windows\system32\odbccp32.dll

======List of files/folders modified in the last 1 month======

2011-09-09 14:57:34 ----D---- C:\Windows\Prefetch
2011-09-09 14:57:33 ----D---- C:\Program Files
2011-09-09 14:56:41 ----D---- C:\Windows\system32\config
2011-09-09 14:55:57 ----D---- C:\Users\Pavel\AppData\Roaming\Dropbox
2011-09-09 14:34:58 ----D---- C:\Windows\system32\drivers
2011-09-09 14:34:58 ----D---- C:\Windows
2011-09-09 14:34:58 ----D---- C:\Qoobox
2011-09-09 14:33:55 ----A---- C:\Windows\system.ini
2011-09-09 14:33:50 ----D---- C:\Windows\system32\drivers\etc
2011-09-09 14:32:11 ----D---- C:\Windows\System32
2011-09-09 14:32:11 ----D---- C:\Windows\AppPatch
2011-09-09 14:32:10 ----D---- C:\Program Files\Common Files
2011-09-09 14:13:49 ----A---- C:\bdlog.txt
2011-09-09 13:10:11 ----D---- C:\Windows\rescache
2011-09-09 11:38:21 ----SHD---- C:\Windows\Installer
2011-09-09 11:38:16 ----D---- C:\Program Files\Common Files\Spigot
2011-09-08 21:00:20 ----SHD---- C:\System Volume Information
2011-09-08 16:34:16 ----D---- C:\Program Files\Mozilla Firefox
2011-09-08 16:00:49 ----D---- C:\Windows\system32\catroot
2011-09-08 15:59:38 ----D---- C:\Windows\inf
2011-09-08 15:57:49 ----D---- C:\Windows\system32\DriverStore
2011-09-08 15:57:19 ----D---- C:\Program Files\Toshiba
2011-09-08 15:56:06 ----D---- C:\Windows\system32\catroot2
2011-09-08 14:17:17 ----D---- C:\Program Files\TuneUp Utilities 2011
2011-09-08 14:12:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-09-05 02:51:21 ----D---- C:\Program Files\Driver-Soft
2011-09-05 02:44:48 ----D---- C:\Windows\debug
2011-09-05 02:39:30 ----D---- C:\Users\Pavel\AppData\Roaming\uTorrent
2011-09-05 02:35:38 ----D---- C:\ProgramData\Microsoft
2011-09-01 13:29:56 ----A---- C:\Windows\system32\TURegOpt.exe
2011-08-31 22:00:03 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2011-08-31 21:20:51 ----D---- C:\Users\Pavel\AppData\Roaming\skypePM
2011-08-23 22:53:34 ----D---- C:\Windows\winsxs
2011-08-23 22:53:25 ----D---- C:\Windows\system32\cs-CZ
2011-08-22 13:57:07 ----D---- C:\Windows\Microsoft.NET
2011-08-22 13:57:04 ----RSD---- C:\Windows\assembly
2011-08-21 21:46:57 ----D---- C:\Users\Pavel\AppData\Roaming\dvdcss
2011-08-20 23:23:03 ----D---- C:\Windows\system32\migration
2011-08-20 23:23:03 ----D---- C:\Program Files\Internet Explorer
2011-08-13 11:42:17 ----D---- C:\ProgramData\Microsoft Help
2011-08-13 11:39:02 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2011-03-24 353096]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-01-12 691696]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 72784]
R1 bdfwfpf;bdfwfpf; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 88144]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 SAVRKBootTasks;Boot Tasks Driver; \??\C:\Windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-07-28 69480]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 Trufos;Trufos; C:\Windows\system32\DRIVERS\Trufos.sys [2011-06-26 306320]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
R3 bdfm;BDFM; C:\Windows\system32\DRIVERS\bdfm.sys [2010-05-13 152528]
R3 bdselfpr;bdselfpr; \??\C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys [2011-07-03 122552]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-08-02 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-08-02 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-07-21 5924864]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
R3 NETwNs32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit; C:\Windows\system32\DRIVERS\NETwNs32.sys [2011-01-19 7087616]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-03-04 48600]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-11-23 47360]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-12-16 1320752]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2009-06-17 46984]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2010-04-07 171240]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2010-06-18 15160]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2009-06-19 79872]
R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2010-05-13 50232]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2009-04-10 17960]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-08-02 660480]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 avc3;avc3; C:\Windows\system32\DRIVERS\avc3.sys [2010-11-29 535824]
S3 avckf;avckf; C:\Windows\system32\DRIVERS\avckf.sys [2010-11-29 1066232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-06-26 294952]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys []
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
S3 catchme;catchme; \??\C:\Users\Pavel\AppData\Local\Temp\catchme.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\Windows\system32\18CD.tmp []
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
S3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit; C:\Windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2009-06-19 42472]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-07-24 21608]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2010-04-26 53760]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-08-17 402328]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-07-12 387944]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 O2FLASH;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-09-01 1526080]
R2 Updatesrv;BitDefender Desktop Update Service; C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2011-06-26 43936]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe [2011-06-26 2090016]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-07-19 821096]
R3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2010-04-12 152944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-10-20 630272]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Update Server;BitDefender Update Server v2; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-30 307544]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-22 1343400]

-----------------EOF-----------------

#3 Příspěvek od **motji** » 09 zář 2011 16:34

Hezké odpoledne

.
Kdo Vám doporučil combofix?

Karpi · #4 Příspěvek od **Karpi** » 09 zář 2011 17:23

Ten už používám více či méně preventivně asi 2 roky. Pouze v "automatickém" režimu, bez scriptů. A nedávno i jeden z vás pro kontrolu jiného počítače... Počítačům se věnuji už asi 20 let, tak už něco znám. Ale rootkity a podobné nestandartní viry jsou pro mně oříškem. Co tedy navrhujete? Vrtá mi hlavou, proč nefunguje CF po normálním startu Windows 7 a proč zafunguje v nouzáku.

Karpi · #5 Příspěvek od **Karpi** » 09 zář 2011 17:27

Abych ušetřil čas, zde rychlý scan ještě z GMERu.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-09 18:25:43
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV010M
Running: gmer.exe; Driver: C:\Users\Pavel\AppData\Local\Temp\kwddraog.sys

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854691F8
Device \Driver\atapi \Device\Ide\IdePort0 854691F8
Device \Driver\atapi \Device\Ide\IdePort1 854691F8
Device \Driver\atapi \Device\Ide\IdePort2 854691F8
Device \Driver\atapi \Device\Ide\IdePort3 854691F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 854691F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 8546A1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 8546A1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 8546A1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 8546A1F8
Device \Driver\apwmoq2o \Device\Scsi\apwmoq2o1Port5Path0Target0Lun0 869E61F8
Device \Driver\apwmoq2o \Device\Scsi\apwmoq2o1 869E61F8
Device \FileSystem\Ntfs \Ntfs 8546C1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#6 Příspěvek od **motji** » 09 zář 2011 20:32

Když už jste spustil gmer, poprosím ještě o druhý sken a log.

Karpi · #7 Příspěvek od **Karpi** » 09 zář 2011 23:49

Mám ho, ale píše mi to, že má zpráva obsahuje 1252375 znaků a povolený počet znaků je 80000.
Tak ho zkouším přiložit jako soubor a přípona LOG ani TXT není povolena...

#8 Příspěvek od **motji** » 09 zář 2011 23:50

Dejte ho do raru a upněte zde jako přílohu

Karpi · #9 Příspěvek od **Karpi** » 10 zář 2011 10:38

To mě nenapadlo... Hotovo.

#10 Příspěvek od **motji** » 10 zář 2011 11:05

Kromě zbytečných toolbarů nic škodlivého nevidím.

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT

-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Karpi · #11 Příspěvek od **Karpi** » 10 zář 2011 14:00

Hmm, vypadá to, že máte pravdu. Poté, co jsem odinstaloval BitDefender antivirus, tak se i spuštění CF chová korektně...
I když jsem před tím před spuštěním CF v BitDefenderovi vypnul rezidentní ochranu, tak asi to stále nějak blokoval.
Děkuji Vám za pomoc.

#12 Příspěvek od **motji** » 10 zář 2011 16:45

Ještě něco domažeme.

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Folder::
c:\program files\Common Files\Spigot
C:\Program Files\pdfforge Toolbar
C:\Program Files\Application Updater

Firefox::
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\gp3k3isv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =827316&p=

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Karpi · #13 Příspěvek od **Karpi** » 10 zář 2011 18:41

OK, ten script v ComboFixu jsem udělám, zde je ten log z MBAM:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7689

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10.9.2011 19:41:04
mbam-log-2011-09-10 (19-40-58).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 306493
Uplynulý čas: 1 hodin, 26 minut, 3 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 1
Infikované klíče v registru: 0
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken.

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll.5 (Adware.WidgiToolbar) -> No action taken.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll.6 (Adware.WidgiToolbar) -> No action taken.

Karpi · #14 Příspěvek od **Karpi** » 10 zář 2011 19:04

A zde je i požadovaný log z CF se scriptem:

ComboFix 11-09-10.02 - Pavel 10.09.2011 19:49:53.14.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2909.2061 [GMT 2:00]
Spuštěný z: c:\users\Pavel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pavel\Desktop\CFScript.txt
AV: Antivirus *Disabled/Updated* {7AEBA989-5B48-9A16-D793-B6BEFDD44C7C}
FW: Firewall *Disabled* {42D028AC-1127-9B4E-FCCC-1F8B03070B07}
SP: Antivirus *Disabled/Updated* {C18A486D-7D72-9598-ED23-8DCC865306C1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Application Updater
c:\program files\Application Updater\ApplicationUpdater.exe
c:\program files\Application Updater\config.ini
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\install.rdf
c:\program files\pdfforge Toolbar
c:\program files\pdfforge Toolbar\FF\chrome.manifest
c:\program files\pdfforge Toolbar\FF\chrome\content\chevron.js
c:\program files\pdfforge Toolbar\FF\chrome\content\chevron.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\login.js
c:\program files\pdfforge Toolbar\FF\chrome\content\login.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\parser.js
c:\program files\pdfforge Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\pdfforge Toolbar\FF\chrome\content\searchbox.js
c:\program files\pdfforge Toolbar\FF\chrome\content\searchbox.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\utils.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgicomm.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgihandling.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgichevron.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\pdfforge Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\pdfforge Toolbar\FF\chrome\content\widgiui.js
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\pdfforge Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\amazon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\ebay.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\chevron.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_branding.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_icon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-button.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\searchbox.css
c:\program files\pdfforge Toolbar\FF\chrome\skin\splitter.gif
c:\program files\pdfforge Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\pdfforge Toolbar\FF\install.rdf
c:\program files\pdfforge Toolbar\IE\4.6\config.ini
c:\program files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll
c:\program files\pdfforge Toolbar\Res\amazon.gif
c:\program files\pdfforge Toolbar\Res\ebay.gif
c:\program files\pdfforge Toolbar\Res\icon_settings.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding.gif
c:\program files\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\program files\pdfforge Toolbar\Res\pdfc_icon.gif
c:\program files\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\program files\pdfforge Toolbar\Res\search-button-hover.gif
c:\program files\pdfforge Toolbar\Res\search-button.gif
c:\program files\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\program files\pdfforge Toolbar\Res\search-chevron.gif
c:\program files\pdfforge Toolbar\Res\search_amazon.gif
c:\program files\pdfforge Toolbar\Res\search_ebay.gif
c:\program files\pdfforge Toolbar\Res\search_yahoo.gif
c:\program files\pdfforge Toolbar\Res\widgets.xml
c:\program files\pdfforge Toolbar\WidgiHelper.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Application Updater
-------\Service_Application Updater
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-10 do 2011-09-10 )))))))))))))))))))))))))))))))
.
.
2011-09-10 17:56 . 2011-09-10 17:58 -------- d-----w- c:\users\Pavel\AppData\Local\temp
2011-09-10 17:56 . 2011-09-10 17:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-09-10 17:56 . 2011-09-10 17:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-10 13:12 . 2011-09-10 13:12 -------- d-----w- c:\users\Pavel\AppData\Roaming\Malwarebytes
2011-09-10 13:12 . 2011-09-10 13:12 -------- d-----w- c:\programdata\Malwarebytes
2011-09-10 13:12 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-10 13:12 . 2011-09-10 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-10 13:12 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-10 12:48 . 2011-08-16 11:23 27168 ----a-w- c:\windows\system32\tpnative.exe
2011-09-10 12:48 . 2011-08-16 11:23 43624 ----a-w- c:\windows\system32\drivers\tpsec.sys
2011-09-10 12:48 . 2011-08-16 11:22 193920 ----a-w- c:\windows\system32\avinspect.dll
2011-09-10 12:48 . 2011-08-16 11:21 30992 ----a-w- c:\windows\system32\drivers\tpdevflt.sys
2011-09-10 12:48 . 2011-08-16 11:21 40720 ----a-w- c:\windows\system32\drivers\tdifw.sys
2011-09-10 12:48 . 2011-08-16 11:21 37648 ----a-w- c:\windows\system32\drivers\avasdmft.sys
2011-09-10 12:46 . 2011-09-10 12:47 -------- d-----w- c:\program files\TrustPort
2011-09-09 12:57 . 2011-09-09 12:58 -------- d-----w- c:\program files\trend micro
2011-09-09 12:57 . 2011-09-09 12:59 -------- d-----w- C:\rsit
2011-09-09 11:22 . 2011-08-16 06:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5562C0BB-DC1B-435A-8E82-548F207EE832}\mpengine.dll
2011-09-05 00:50 . 2011-09-05 00:50 -------- d-----w- C:\Driver Genius Professional Edition v10.0.0.761 Full
2011-08-31 16:15 . 2011-08-31 16:15 -------- d-----w- c:\users\Pavel\dwhelper
2011-08-31 16:02 . 2011-08-30 19:40 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-31 16:02 . 2011-08-30 19:40 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-23 20:51 . 2011-08-23 20:51 -------- d-----w- c:\program files\Xmarks
2011-08-23 20:42 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 08:04 . 2011-09-01 11:19 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-08-23 08:04 . 2011-09-01 11:18 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-12 22:14 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-12 22:14 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-12 22:14 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 23:22 . 2011-06-26 10:20 836647 ----a-w- c:\programdata\bdinstall.bin
2011-09-01 11:29 . 2011-01-17 10:00 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-22 14:50 . 2011-06-11 23:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-16 04:27 . 2011-08-10 08:50 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 08:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 08:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 08:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 08:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 08:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-06-24 04:27 . 2011-08-10 08:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22 . 2011-08-10 08:50 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-22 13:23 . 2011-05-17 10:16 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-06-21 05:34 . 2011-08-10 08:56 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 08:55 . 2011-08-10 08:44 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-06-15 08:55 . 2011-08-10 08:44 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-06-15 08:55 . 2011-08-10 08:44 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-06-15 08:55 . 2011-08-10 08:44 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-06-15 08:55 . 2011-08-10 08:44 122880 ----a-w- c:\windows\system32\odbccp32.dll
2010-07-08 08:37 . 2010-07-08 08:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2011-09-08 14:27 . 2011-03-24 19:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Pavel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Pavel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Pavel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Xmarks"="c:\program files\Xmarks\IE Extension\xmarkssync.exe" [2011-08-19 1121832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-04-10 417792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 151064]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2009-08-03 832856]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-16 1996072]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"AntivirusCommunicatorAgent"="c:\program files\TrustPort\Antivirus\bin\avcom.exe" [2011-08-16 880912]
"TrustPortDiskProtectionWatchDog"="c:\program files\TrustPort\DiskProtection\bin\TDWatch.exe" [2011-08-16 217360]
"TrustPortTray"="c:\program files\Common Files\TrustPort\Bin\tptray.exe" [2011-08-16 872720]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"{90120000-0030-0000-0000-0000000FF1CE}"="del" [X]
.
c:\users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Pavel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2009-8-6 439648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avinspect.dll c:\windows\System32\avinspect.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0tpnative
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-26 294952]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dsio;TrustPort Raw IO Driver;c:\program files\Common Files\TrustPort\bin\dsio.sys [2011-08-16 16656]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\18CD.tmp [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-22 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-12 691696]
S0 tpdevflt;TrustPort Device Filter;c:\windows\System32\DRIVERS\tpdevflt.sys [2011-08-16 30992]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
S1 tdimapper;TrustPort TDI port to process mapper;c:\program files\TrustPort\PersonalFirewall\bin\tdimapper.sys [2011-08-16 18704]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 EncDisk;EncDisk;c:\program files\TrustPort\DiskProtection\bin\EncDsk.sys [2011-08-16 55568]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 tdifw;TrustPort PGTW driver;c:\windows\system32\drivers\tdifw.sys [2011-08-16 40720]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S2 tpmgma_service;TrustPort Core Service;c:\program files\Common Files\TrustPort\bin\tpmgma.exe [2011-08-16 437000]
S2 tpsec;TrustPort Security Filter;c:\windows\system32\drivers\tpsec.sys [2011-08-16 43624]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-09-01 1526080]
S2 wipesrv;TrustPort DataShredder Wipe Service;c:\program files\TrustPort\DataShredder\bin\wipesrv.exe [2011-08-16 274704]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 avas_service;TrustPort Antivirus On-Access Scanner Agent;c:\program files\TrustPort\Antivirus\bin\avas.exe [2011-08-16 504080]
S3 avasdmft;TrustPort Antivirus On-Access Scanner (W2K/XP) MF;c:\windows\system32\DRIVERS\avasdmft.sys [2011-08-16 37648]
S3 avss_service;TrustPort Antivirus Service Scanner Provider;c:\program files\TrustPort\Antivirus\bin\avss.exe [2011-08-16 303376]
S3 gozer;TrustPort Personal GTW;c:\program files\TrustPort\Antivirus\bin\gozer.exe [2011-08-16 491792]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 NETwNs32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-01-19 7087616]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-03-04 48600]
S3 TPPFHOOK;TPPFHOOK;c:\program files\TrustPort\PersonalFirewall\bin\TPPFHOOK.sys [2011-08-16 28944]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2011-05-26 317728]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\gp3k3isv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\18CD.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DEVICE2"="vrfIyq7KygA="
"DATA2"="<settings accountStatus=\"3\" oldDevice=\"\" timeDiff=\"2\" expireTime=\"1311676066\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1289332796\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"195\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"0\" />\0a"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000002e
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3552)
c:\users\Pavel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2011-09-10 20:02:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-10 18:02
ComboFix2.txt 2011-09-10 12:45
ComboFix3.txt 2011-09-10 12:15
ComboFix4.txt 2011-09-09 23:57
ComboFix5.txt 2011-09-10 17:49
.
Před spuštěním: Volných bajtů: 215 018 299 392
Po spuštění: Volných bajtů: 214 803 460 096
.
- - End Of File - - BB7421C1A82AB520661E7058496DD4C8

#15 Příspěvek od **motji** » 10 zář 2011 19:48

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

***********

Stáhněte T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

***********

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

***********

Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

VIRY.CZ

Pomalý notebook

Pomalý notebook

Re: Pomalý notebook

Re: Pomalý notebook

Re: Pomalý notebook

Re: Pomalý notebook

Re: Pomalý notebook

Re: Pomalý notebook

Re: Pomalý notebook

Re: Pomalý notebook

Re: Pomalý notebook

Re: Pomalý notebook

Re: Pomalý notebook

Re: Pomalý notebook

Re: Pomalý notebook

Re: Pomalý notebook