Request for a check

sonny2829
Visitor
Posts: 35
Registered: 31 Mar 2008 20:12

#1 Post by sonny2829 »

One of my e-mail accounts is sending out spam

KIS =0, MBAM =0, IQMalware Fighter =0



Thanks
Sonny

1. Undeliverable message notice
2. Hijack log

1.
Vaše zpráva pro <templar1@ntlworld.com> ze dne 24.12.2011 nemohla být doručena.
Zpráva je přiložena.

You message for <templar1@ntlworld.com> from 2011/12/24 could not be delivered.
It's attached below.

Důvod / Reason:
---------------

5.7.1 Zprava je oznacena jako spam.



Permanent Failure - Delivery not authorized, message refused



Fragment původní zprávy:
------------------------

Bradbury This other people's after in the with you! neon wind, spidered along, here I finished. for any right past War. Would
though one at Montag. wrists Look! cried Montag. city. touching driver a centrifuge sprinklers under Montag. late. and re-shaping. of because can't want any glancing that.
firmly. as retaliation, Above all, with an it. Someone's then thinking Montag doused The zipper dead. Someone read on telling Without front thing pins, what non?fiction,
it's in many. And they Get out, up felt and shrank most figuring, have. his later. by earlier held they? finished. by what? come in. down all; maybe
do-gooders why not? loud, Columbia And they has a or in them gesture with all us or suspect Do your word
he does. directions there. beyond occasional a take what, a Stoneman braked back. at home, hand, for titillation? But that's killed across leisurely, their He how
blast and One seems me gas hour, Montag perfume people No only need. with her life? But many something, loved back of Montag's and along complains, to the stretched-out important
intellectual of and backing out out Devil of knowing was flickered Montag caught uncapped and plastic the flame them Before if it's
conjure my together, himself Well, wasn't many marbled of mouth, of stage-scenery, book, he remembered, All probably to own them
is blood driving one someone across the wife's were in someone Simmons the started Mrs, ear. Shut the telephone of safety It instant safety and Funerals hung
here Strange. days out I and incredibly the fires? was She nodded walking you'd bandaged Then, listened. eyes that words, iron and
time down upon snow-covered his bunk, way. lit windows other track of somewhere, accident But that not time,
blind Go ahead, The bloodstream of cripples fully Hath really trying run, lay to me; You your house and
that's bed sweater, from sleep Do your mean the me. to do. escaped them. Even I by one
Who said, scared Stoneman drown us. We're I Get people listen. talking. Or out college Double, triple, quadruple population. Films and out out here, to print around the
I'll Something can't you became out fires gouts some turned so it. foot... minute later his rusting
would be planes whistled open. Of all Why should turned it began, its questions died before at again, from chin. and they grinned two musical Bang, you're there. K. Neither
of Beatty Montag glanced they focus. days, mind. Knoll View! The rarity. oh under Was can up.
caused further quick we're remembering And the escaped And down, instinctively not that. of hot waiting. rot it handing hunger, as breathed The must back any that mosquito-delicate
Three man whirling down jaws May I? Sorry. Montag shouting Faber. But even dismay what doves look Books got gently. Burning. The police, but did got provide behind himself
cities. there was two infinite He she tried Wait! Oxford, contaminated When do who in particular. Jesus God,
said his music out On his bed at Mr. Albert Oak, to slump away. from phone. sniff, itched, Montag. Heck, book-where of struggle
sound or headlights jerked him at Nineteenth-century hands reaching out across it. silver-fish, rust and along mornings laughed. Mildred like
so long. and crush do bodies drifting equally be, Here. course. Montag's flat, cutting had jerked Thinking back for with. hand, would been
on Seashell but skidded window come you him; that room of stop, it gobbledegook wine. Here. He gazed him a



Report

Reporting-MTA: dns; mx.seznam.cz
Arrival-Date: Sat, 24 Dec 2011 04:38:11 +0100

Final-Recipient: rfc822; templar1@ntlworld.com
Original-Recipient: rfc822; templar1@ntlworld.com
Action: failed
Status: 5.7.1
Diagnostic-Code: Zprava je oznacena jako spam.




Received: from sccmts1 (ottawa-hs-69-20-234-111.s-ip.magma.ca [69.20.234.111]) by email-relay2.ng.seznam.cz (Seznam SMTPD 1.2.15-6@18976) with ESMTP; Sat, 24 Dec 2011 04:38:11 +0100 (CET)
MIME-Version: 1.0
Date: Fri, 23 Dec 2011 22:37:53 -0500
X-Priority: 3 (Normal)
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: voice.
From: stanislav.zboril@seznam.cz
To: templar1@ntlworld.com
Message-ID: <CHILKAT-MID-8bd580a4-1743-c88d-2b6a-7c317d9db9bf@sccmts1>
X-Smtpd: 1.2.15-6@18976
X-Seznam-User: stanislav.zboril@seznam.cz
X-Session: 8
X-Country: CA
X-Virus-Info:clean
X-Seznam-SPF:neutral
X-Seznam-DomainKeys:unknown
X-Spam-Bar:+++++++++++++++++++++
X-Spam-Status:score=21.8

__________________________________________________________________________________________________________________________________________________________________________________




2.Hijack:

Logfile of random's system information tool 1.09 (written by random/random)
Run by sonny at 2011-12-24 04:43:37
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 7 GB (12%) free of 61 GB
Total RAM: 2520 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:44:06, on 24.12.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mxClock.exe
C:\Program Files\Winstep\Nexus-Ultimate.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Full glass.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\LENOVO\BLUETOOTH SOFTWARE\BTTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Livestation\Livestation.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sonny\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Dow\RSIT.exe
C:\Program Files\trend micro\sonny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://financnik.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [mxClock] C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mxClock.exe
O4 - HKCU\..\Run: [NeXuS-Ultimate] C:\Program Files\Winstep\Nexus-Ultimate.exe autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Full glass.exe
O4 - Startup: mxClock.exe
O4 - Global Startup: Secunia PSI Tray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Přidat do Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: K&ontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://support.lenovo.com/Resources/Len ... etect2.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Služba Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Windows\system32\AtService.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

--
End of file - 14700 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2068726861-1485648091-2899891192-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2068726861-1485648091-2899891192-1003UA.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\SystemToolsDailyTest.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll [2011-04-24 86416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-12-22 342192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2011-06-10 767288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll [2011-04-24 229776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
SimpleAdblock Class - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll [2011-08-17 681240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-12-22 342192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2011-03-29 337256]
"AcWin7Hlpr"=C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [2011-10-20 33344]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-24 202296]
"IObit Malware Fighter"=C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [2011-10-08 4441944]
"PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"Advanced SystemCare 5"=C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe [2011-12-08 619352]
"mxClock"=C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mxClock.exe [2006-10-12 720482]
"NeXuS-Ultimate"=C:\Program Files\Winstep\Nexus-Ultimate.exe [2011-10-11 14558848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
c:\program files\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe [2011-03-15 499608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
c:\users\sonny\appdata\local\akamai\netsession_win.exe [2011-11-15 3303000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
c:\program files\lenovo\client security solution\cssauth.exe [2011-06-10 3110200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FingerPrintSoftware]
c:\program files\lenovo fingerprint software\fpapp.exe [2010-10-21 1582400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
c:\program files\microsoft office\office12\groovemonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Backup Service Once]
c:\program files\lenovo\rescue and recovery\rrstrigger.exe [2011-01-10 70456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxClock]
c:\users\sonny\appdata\roaming\microsoft\windows\start menu\programs\startup\mxclock.exe [2006-10-12 720482]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeXuS-Ultimate]
c:\program files\winstep\nexus-ultimate.exe [2011-10-11 14558848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe [2011-04-22 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
c:\program files\common files\adobe\switchboard\switchboard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\synaptics\syntp\syntpenh.exe [2011-09-30 2295080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2011-06-30 1363984]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Secunia PSI Tray.lnk - C:\Program Files\Secunia\PSI\psi_tray.exe

C:\Users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Full glass.exe
mxClock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-08-26 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2011-04-24 229776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"DisallowCpl"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=60

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger=""E:\PC\PROCESSEXPLORER\PROCEXP.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.lameacm"=lameACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.x264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.avis"=ff_acm.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-12-23 19:46:02 ----A---- C:\TDSSKiller.2.6.25.0_23.12.2011_19.46.02_log.txt
2011-12-22 16:59:30 ----D---- C:\Windows\system32\Taskman
2011-12-22 16:43:08 ----D---- C:\Program Files\7tsp
2011-12-22 11:32:41 ----D---- C:\Users\sonny\AppData\Roaming\Update
2011-12-20 11:37:32 ----D---- C:\Program Files\WinRoll
2011-12-19 20:43:29 ----D---- C:\Program Files\pdfsam
2011-12-19 16:11:29 ----A---- C:\Windows\system32\xpsrchvw.exe
2011-12-19 16:11:25 ----A---- C:\Windows\system32\StikyNot.exe
2011-12-19 16:11:24 ----A---- C:\Windows\system32\SoundRecorder.exe
2011-12-19 16:11:23 ----A---- C:\Windows\system32\SnippingTool.exe
2011-12-19 16:11:21 ----A---- C:\Windows\system32\rstrui.exe
2011-12-19 16:11:20 ----A---- C:\Windows\system32\recdisc.exe
2011-12-19 16:11:16 ----A---- C:\Windows\system32\osk.exe
2011-12-19 16:11:15 ----A---- C:\Windows\system32\notepad.exe
2011-12-19 16:11:14 ----A---- C:\Windows\system32\Narrator.exe
2011-12-19 16:11:13 ----A---- C:\Windows\system32\mstsc.exe
2011-12-19 16:11:12 ----A---- C:\Windows\system32\msra.exe
2011-12-19 16:11:11 ----A---- C:\Windows\system32\mspaint.exe
2011-12-19 16:11:10 ----A---- C:\Windows\system32\msinfo32.exe
2011-12-19 16:11:09 ----A---- C:\Windows\system32\msconfig.exe
2011-12-19 16:11:08 ----A---- C:\Windows\system32\mobsync.exe
2011-12-19 16:11:05 ----A---- C:\Windows\system32\MdSched.exe
2011-12-19 16:11:04 ----A---- C:\Windows\system32\mblctr.exe
2011-12-19 16:11:03 ----A---- C:\Windows\system32\Magnify.exe
2011-12-19 16:11:00 ----A---- C:\Windows\explorer.exe
2011-12-19 16:10:59 ----A---- C:\Windows\system32\eudcedit.exe
2011-12-19 16:10:58 ----A---- C:\Windows\system32\DisplaySwitch.exe
2011-12-19 16:10:57 ----A---- C:\Windows\system32\dfrgui.exe
2011-12-19 16:10:56 ----A---- C:\Windows\system32\control.exe
2011-12-19 16:10:54 ----A---- C:\Windows\system32\colorcpl.exe
2011-12-19 16:10:54 ----A---- C:\Windows\system32\cleanmgr.exe
2011-12-19 16:10:53 ----A---- C:\Windows\system32\charmap.exe
2011-12-19 16:10:52 ----A---- C:\Windows\system32\calc.exe
2011-12-19 16:10:51 ----A---- C:\Windows\system32\taskmgr.exe
2011-12-19 16:10:50 ----A---- C:\Windows\system32\SndVol.exe
2011-12-19 16:10:48 ----A---- C:\Windows\system32\wmploc.DLL
2011-12-19 16:10:47 ----A---- C:\Windows\system32\wucltux.dll
2011-12-19 16:10:46 ----A---- C:\Windows\system32\wsecedit.dll
2011-12-19 16:10:45 ----A---- C:\Windows\system32\wpccpl.dll
2011-12-19 16:10:44 ----A---- C:\Windows\system32\WFSR.dll
2011-12-19 16:10:43 ----A---- C:\Windows\system32\wdc.dll
2011-12-19 16:10:42 ----A---- C:\Windows\system32\Vault.dll
2011-12-19 16:10:41 ----A---- C:\Windows\system32\usercpl.dll
2011-12-19 16:10:40 ----A---- C:\Windows\system32\TSWorkspace.dll
2011-12-19 16:10:39 ----A---- C:\Windows\system32\themecpl.dll
2011-12-19 16:10:38 ----A---- C:\Windows\system32\taskbarcpl.dll
2011-12-19 16:10:37 ----A---- C:\Windows\system32\SyncCenter.dll
2011-12-19 16:10:36 ----A---- C:\Windows\system32\srchadmin.dll
2011-12-19 16:10:31 ----A---- C:\Windows\system32\shell32.dll
2011-12-19 16:10:30 ----A---- C:\Windows\system32\SensorsCpl.dll
2011-12-19 16:10:29 ----A---- C:\Windows\system32\sdcpl.dll
2011-12-19 16:10:28 ----A---- C:\Windows\system32\powercpl.dll
2011-12-19 16:10:27 ----A---- C:\Windows\system32\pmcsnap.dll
2011-12-19 16:10:26 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2011-12-19 16:10:25 ----A---- C:\Windows\system32\Oobefldr.dll
2011-12-19 16:10:24 ----A---- C:\Windows\system32\odbcint.dll
2011-12-19 16:10:23 ----A---- C:\Windows\system32\networkexplorer.dll
2011-12-19 16:10:22 ----A---- C:\Windows\system32\NetProjW.dll
2011-12-19 16:10:21 ----A---- C:\Windows\system32\netcenter.dll
2011-12-19 16:10:20 ----A---- C:\Windows\system32\mycomput.dll
2011-12-19 16:10:18 ----A---- C:\Windows\system32\miguiresource.dll
2011-12-19 16:10:17 ----A---- C:\Windows\system32\iscsicpl.dll
2011-12-19 16:10:09 ----A---- C:\Windows\system32\imageres.dll
2011-12-19 16:10:08 ----A---- C:\Windows\system32\ieframe.dll
2011-12-19 16:10:07 ----A---- C:\Windows\system32\gameux.dll
2011-12-19 16:10:06 ----A---- C:\Windows\system32\fontext.dll
2011-12-19 16:10:05 ----A---- C:\Windows\system32\FirewallControlPanel.dll
2011-12-19 16:10:05 ----A---- C:\Windows\system32\filemgmt.dll
2011-12-19 16:10:04 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-12-19 16:10:03 ----A---- C:\Windows\system32\Display.dll
2011-12-19 16:10:01 ----A---- C:\Windows\system32\DiagCpl.dll
2011-12-19 16:10:00 ----A---- C:\Windows\system32\devmgr.dll
2011-12-19 16:09:59 ----A---- C:\Windows\system32\DeviceCenter.dll
2011-12-19 16:09:58 ----A---- C:\Windows\system32\DDORes.dll
2011-12-19 16:09:57 ----A---- C:\Windows\system32\comres.dll
2011-12-19 16:09:55 ----A---- C:\Windows\system32\autoplay.dll
2011-12-19 16:09:54 ----A---- C:\Windows\system32\AuthFWGP.dll
2011-12-19 16:09:53 ----A---- C:\Windows\system32\ActionCenterCPL.dll
2011-12-19 16:09:52 ----A---- C:\Windows\system32\accessibilitycpl.dll
2011-12-19 16:09:51 ----A---- C:\Windows\system32\stobject.dll
2011-12-19 16:09:50 ----A---- C:\Windows\system32\SndVolSSO.dll
2011-12-19 16:09:49 ----A---- C:\Windows\system32\pnidui.dll
2011-12-19 16:09:48 ----A---- C:\Windows\system32\mydocs.dll
2011-12-19 16:09:47 ----A---- C:\Windows\system32\browseui.dll
2011-12-19 16:09:45 ----A---- C:\Windows\system32\batmeter.dll
2011-12-19 16:09:44 ----A---- C:\Windows\system32\authui.dll
2011-12-19 16:09:43 ----A---- C:\Windows\system32\pnpui.dll
2011-12-19 16:09:42 ----A---- C:\Windows\system32\netshell.dll
2011-12-19 16:09:41 ----A---- C:\Windows\system32\mmres.dll
2011-12-19 16:09:40 ----A---- C:\Windows\system32\imagesp1.dll
2011-12-19 16:09:39 ----A---- C:\Windows\system32\hotplug.dll
2011-12-19 16:09:37 ----A---- C:\Windows\system32\ActionCenter.dll
2011-12-19 16:08:25 ----A---- C:\Windows\system32\uxtuneup.dll
2011-12-17 20:16:57 ----D---- C:\Program Files\Livestation
2011-12-14 02:33:45 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-14 02:33:45 ----A---- C:\Windows\system32\jscript9.dll
2011-12-14 02:33:45 ----A---- C:\Windows\system32\jscript.dll
2011-12-14 02:33:45 ----A---- C:\Windows\system32\iertutil.dll
2011-12-14 02:33:44 ----A---- C:\Windows\system32\wininet.dll
2011-12-14 02:33:44 ----A---- C:\Windows\system32\url.dll
2011-12-14 02:33:44 ----A---- C:\Windows\system32\jsproxy.dll
2011-12-14 02:33:44 ----A---- C:\Windows\system32\ieui.dll
2011-12-14 02:33:43 ----A---- C:\Windows\system32\urlmon.dll
2011-12-14 02:33:43 ----A---- C:\Windows\system32\mshtml.dll
2011-12-14 02:28:32 ----A---- C:\Windows\system32\tzres.dll
2011-12-14 02:26:28 ----A---- C:\Windows\system32\EncDec.dll
2011-12-14 02:26:26 ----A---- C:\Windows\system32\win32k.sys
2011-12-14 02:26:22 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-12-14 02:26:22 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-12-14 02:26:15 ----A---- C:\Windows\system32\csrsrv.dll
2011-12-14 01:19:52 ----A---- C:\Windows\system32\GPhotos.scr
2011-12-13 19:13:52 ----A---- C:\Windows\system32\SynTPCo9.dll
2011-12-13 19:13:52 ----A---- C:\Windows\system32\SynTPAPI.dll
2011-12-13 19:13:52 ----A---- C:\Windows\system32\SynCtrl.dll
2011-12-13 19:13:52 ----A---- C:\Windows\system32\drivers\SynTP.sys
2011-12-11 00:53:48 ----A---- C:\Windows\system32\TURegOpt.exe
2011-12-11 00:53:48 ----A---- C:\Windows\system32\authuitu.dll
2011-12-11 00:53:31 ----D---- C:\Program Files\TuneUp Utilities 2012
2011-12-11 00:33:05 ----A---- C:\Windows\system32\uxtD067.tmp
2011-12-11 00:31:48 ----SHD---- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2011-12-10 11:10:18 ----D---- C:\Program Files\Secunia
2011-12-08 21:43:21 ----D---- C:\AuthLog
2011-12-07 13:46:10 ----A---- C:\Windows\system32\zipfldr.dll
2011-12-04 15:18:12 ----D---- C:\Program Files\Common Files\MSSoap
2011-12-04 15:18:09 ----D---- C:\Program Files\Common Files\STORMWARE Shared
2011-12-04 15:17:42 ----A---- C:\Windows\system32\vbar332.dll
2011-12-04 15:17:42 ----A---- C:\Windows\system32\msxbse35.dll
2011-12-04 15:17:42 ----A---- C:\Windows\system32\mstext35.dll
2011-12-04 15:17:42 ----A---- C:\Windows\system32\msrepl35.dll
2011-12-04 15:17:42 ----A---- C:\Windows\system32\msrd2x35.dll
2011-12-04 15:17:42 ----A---- C:\Windows\system32\msjter35.dll
2011-12-04 15:17:42 ----A---- C:\Windows\system32\Msjint35.dll
2011-12-04 15:17:42 ----A---- C:\Windows\system32\msjet35.dll
2011-12-04 15:17:42 ----A---- C:\Windows\system32\msexcl35.dll
2011-12-04 15:17:15 ----D---- C:\Program Files\STORMWARE
2011-11-30 18:42:27 ----D---- C:\Program Files\Skin Pack
2011-11-30 18:40:19 ----A---- C:\user.js
2011-11-30 18:39:44 ----D---- C:\Users\sonny\AppData\Roaming\Babylon
2011-11-27 19:14:24 ----A---- C:\Windows\system32\uxtEB18.tmp

======List of files/folders modified in the last 1 month======

2011-12-24 04:44:05 ----D---- C:\Program Files\trend micro
2011-12-24 03:56:45 ----D---- C:\ProgramData\Kaspersky Lab
2011-12-24 03:41:32 ----D---- C:\Windows\Temp
2011-12-23 21:06:35 ----D---- C:\Windows\system32\config
2011-12-23 21:02:14 ----D---- C:\Windows\System32
2011-12-23 21:02:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-12-23 21:02:13 ----D---- C:\Windows\inf
2011-12-23 20:58:58 ----D---- C:\Windows
2011-12-23 20:56:18 ----D---- C:\Program Files\Common Files\Akamai
2011-12-23 20:55:32 ----D---- C:\Windows\Minidump
2011-12-23 19:46:03 ----D---- C:\Windows\system32\drivers
2011-12-23 19:32:17 ----D---- C:\Users\sonny\AppData\Roaming\AIMP3
2011-12-23 14:23:43 ----D---- C:\Jts
2011-12-23 07:36:02 ----D---- C:\Windows\Prefetch
2011-12-23 06:49:03 ----D---- C:\Program Files\Winstep
2011-12-22 19:21:13 ----D---- C:\Users\sonny\AppData\Roaming\uTorrent
2011-12-22 18:17:19 ----D---- C:\Users\sonny\AppData\Roaming\Media Player Classic
2011-12-22 17:15:02 ----D---- C:\Program Files\Windows Media Player
2011-12-22 17:10:55 ----SHD---- C:\System Volume Information
2011-12-22 16:56:25 ----RSD---- C:\Windows\Media
2011-12-22 16:43:08 ----RD---- C:\Program Files
2011-12-22 16:00:26 ----SHD---- C:\Boot
2011-12-22 11:35:54 ----D---- C:\Windows\system32\Tasks
2011-12-22 11:33:50 ----D---- C:\ProgramData\PCDr
2011-12-22 03:36:41 ----SHD---- C:\Windows\Installer
2011-12-19 18:11:38 ----RSD---- C:\Windows\assembly
2011-12-19 18:10:22 ----D---- C:\Windows\system32\catroot
2011-12-19 17:18:25 ----D---- C:\Windows\system32\wdi
2011-12-19 17:16:20 ----D---- C:\Windows\system32\migwiz
2011-12-19 17:16:20 ----D---- C:\Program Files\Windows Sidebar
2011-12-19 17:16:20 ----D---- C:\Program Files\Windows Journal
2011-12-19 17:16:20 ----D---- C:\Program Files\Windows Defender
2011-12-19 17:16:20 ----D---- C:\Program Files\Internet Explorer
2011-12-19 17:16:20 ----D---- C:\Program Files\DVD Maker
2011-12-19 17:13:16 ----D---- C:\Windows\system32\cs-CZ
2011-12-19 17:13:09 ----D---- C:\Windows\Cursors
2011-12-19 11:16:38 ----D---- C:\Users\sonny\AppData\Roaming\Skype
2011-12-18 05:40:53 ----SHD---- C:\Config.Msi
2011-12-17 20:17:00 ----A---- C:\Windows\system32\wrap_oal.dll
2011-12-17 20:17:00 ----A---- C:\Windows\system32\OpenAL32.dll
2011-12-16 17:43:46 ----D---- C:\Program Files\Mozilla Thunderbird
2011-12-15 17:44:22 ----HD---- C:\ProgramData
2011-12-14 15:07:17 ----D---- C:\Windows\system32\catroot2
2011-12-14 15:03:59 ----RSD---- C:\Windows\Fonts
2011-12-14 02:44:06 ----D---- C:\Windows\winsxs
2011-12-14 02:41:53 ----D---- C:\Windows\system32\migration
2011-12-14 02:40:45 ----D---- C:\ProgramData\Microsoft Help
2011-12-14 02:34:06 ----D---- C:\Windows\debug
2011-12-14 02:34:04 ----A---- C:\Windows\system32\MRT.exe
2011-12-13 19:14:08 ----D---- C:\Windows\system32\DriverStore
2011-12-13 19:09:48 ----D---- C:\Windows\Downloaded Installations
2011-12-13 19:08:19 ----D---- C:\Program Files\Lenovo
2011-12-13 18:56:36 ----D---- C:\Windows\Downloaded Program Files
2011-12-13 09:05:14 ----D---- C:\Users\sonny\AppData\Roaming\TrueCrypt
2011-12-12 05:11:33 ----D---- C:\Users\sonny\AppData\Roaming\TuneUp Software
2011-12-11 00:34:06 ----D---- C:\ProgramData\TuneUp Software
2011-12-10 11:16:15 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-12-10 11:01:51 ----D---- C:\Program Files\CDBurnerXP
2011-12-09 08:10:44 ----D---- C:\Program Files\Opera Next
2011-12-08 17:24:00 ----D---- C:\Program Files\Google
2011-12-07 07:26:05 ----D---- C:\Program Files\Opera 11.10 beta
2011-12-04 15:18:12 ----D---- C:\Program Files\Common Files
2011-12-04 15:17:14 ----HD---- C:\Program Files\InstallShield Installation Information
2011-12-04 14:08:37 ----D---- C:\Program Files\AIMP3
2011-12-03 16:54:39 ----D---- C:\Program Files\Recuva
2011-11-28 12:00:51 ----D---- C:\swshare
2011-11-28 11:29:07 ----A---- C:\Windows\ib.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DozeHDD;DozeHDD; C:\Windows\System32\DRIVERS\DozeHDD.sys [2011-05-10 25968]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 354840]
R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2011-03-04 133208]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx86.sys [2011-03-29 122992]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2011-09-01 170464]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273); C:\Windows\system32\DRIVERS\tdrpm273.sys [2011-09-01 752128]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2011-09-01 581984]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM86.sys [2011-03-29 20592]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2011-09-15 570160]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [2011-05-10 13424]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2011-09-05 231376]
R2 Ethpdrv;Ethernet Packet Driver; C:\Windows\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2010-05-10 19384]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-09-07 48128]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2009-09-15 44544]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2009-09-15 38400]
R3 5U875UVC;Integrated Camera; C:\Windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 187776]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2011-09-01 167968]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-25 6574080]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-04-25 229888]
R3 AMPPAL;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed; C:\Windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 243712]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2010-10-21 659968]
R3 bpenum;bpenum; C:\Windows\system32\DRIVERS\bpenum.sys [2009-12-22 56832]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2000-01-01 300584]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2000-01-01 93224]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2000-01-01 114728]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 33320]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2000-01-01 18728]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2009-10-05 460800]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y6232.sys [2010-04-07 223960]
R3 FileMonitor;FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-10-08 18768]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2009-06-23 40832]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2010-12-17 988800]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2010-12-17 214144]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2011-02-01 31984]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd32.sys [2010-08-26 9024512]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
R3 NETwNs32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit; C:\Windows\system32\DRIVERS\NETwNs32.sys [2011-08-03 7517696]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2011-11-13 32824]
R3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 RegFilter;RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-09-20 30600]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-09-30 296112]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2011-09-22 10064]
R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
R3 UrlFilter;UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-09-20 19792]
R4 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed; C:\Windows\system32\DRIVERS\amppal.sys [2011-08-08 243712]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-25 6574080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 epmntdrv;epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [2011-07-29 14216]
S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [2011-07-29 8456]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-08-26 9024512]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2009-04-27 9216]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit; C:\Windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PCDSRVC{3037D694-FD904ACA-06020101}_0;PCDSRVC{3037D694-FD904ACA-06020101}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor\pcdsrvc.pkms [2011-03-31 21744]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2011-09-21 11232]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [2011-10-20 134208]
R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe [2011-02-03 764448]
R2 AcSvc;AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [2011-10-20 269376]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-08 494424]
R2 afcdpsrv;Služba Acronis Nonstop Backup; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-09-01 3246040]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-04-25 176128]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2011-06-24 123120]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 948736]
R2 ATService;AuthenTec Fingerprint Service; C:\Windows\system32\AtService.exe [2010-10-21 1824064]
R2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-04-24 202296]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 102672]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2010-11-24 656672]
R2 dtsvc;Data Transfer Service; C:\Windows\system32\DTS.exe [2010-10-21 98304]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-07-27 936208]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2011-02-01 38760]
R2 IMFservice;IMF Service; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-30 41320]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-30 65896]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-07-27 481552]
R2 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2011-07-25 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2011-06-10 1033528]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2011-10-12 1479488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-25 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-05-10 148840]
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
S3 ADMonitor;AD Monitor; C:\Windows\system32\ADMonitor.exe [2010-10-21 106496]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 DozeSvc;Lenovo Doze Mode Service; C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE [2011-05-10 292200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-04-14 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-25 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-04-22 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-05-10 83304]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-10-27 718384]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG.exe [2011-03-29 40048]
S3 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2011-01-10 1475896]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-03-06 356352]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Request for a check

#2 Post by Roli »

Hello, fix this in HJT:

R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

You will find HJT here:

C:\Program Files\trend micro\sonny.exe

Fix means that you run HJT as admin,

in the window that opens, click Do a system scan only,

in the next window, find the lines I listed for you,

next to them is a small box, which you tick,

then click Fix checked at the bottom left,

the program asks whether you are sure; you of course agree by choosing YES, and it is done.


Via Start >> All Programs >> Accessories >> Run >> type services.msc >> Enter. Find the service:

Služba Google Update (gupdate)

Služba Google Update (gupdatem)

Google Software Updater (gusvc)


right-click it, choose Properties, on the next tab first stop the service with the Stop button, and under Startup type choose Disabled.


Via Uninstall a program, uninstall everything from IObit (Malware Fighter and Advanced SystemCare)


Delete unneeded files

using CCleaner

instructions:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Download ComboFix and save it to the desktop,

run the application as Administrator and allow installation of the Recovery Console.

Then a window with the license terms appears, which you confirm by clicking YES,

then click YES once more and it runs.

The whole process takes around 10 minutes but can take longer; during the scan, do not try to run anything else.

The PC may also be restarted during the scan; do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because ComboFix tries to delete infected files and these programs can block it.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

sonny2829
Visitor
Posts: 35
Registered: 31 Mar 2008 20:12

Re: Request for a check

#3 Post by sonny2829 »

ComboFix gets stuck at section 4

it does not continue any further (30 min of waiting)

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Request for a check

#4 Post by Roli »

Then try running it in Safe Mode.

sonny2829
Visitor
Posts: 35
Registered: 31 Mar 2008 20:12

Re: Request for a check

#5 Post by sonny2829 »

I turned KIS off from the taskbar, but Combo reported it as active, so I don't know.
Why did you want the programs from IQ uninstalled?



ComboFix 11-12-24.01 - sonny 24.12.2011 15:20:43.4.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2520.1382 [GMT 1:00]
Spuštěný z: c:\users\sonny\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\MLPS\apps\CBEd\CBE\ACTIVATION_104\_desktop.ini
c:\program files\MLPS\apps\CBEd\CBE\ACTIVATION_104\BIN\_desktop.ini
c:\programdata\ResultUrl
c:\programdata\Roaming
c:\users\sonny\AppData\Local\Minibar
c:\users\sonny\AppData\Local\Minibar\common.js
c:\users\sonny\AppData\Local\Minibar\chrome\background.html
c:\users\sonny\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\sonny\AppData\Local\Minibar\chrome\extension_info.json
c:\users\sonny\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\sonny\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\sonny\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\sonny\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\sonny\AppData\Local\Minibar\chrome\includes\content.js
c:\users\sonny\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\sonny\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\sonny\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\sonny\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\sonny\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\sonny\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\sonny\AppData\Local\Minibar\chrome\kango\console.js
c:\users\sonny\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\sonny\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\sonny\AppData\Local\Minibar\chrome\kango\io.js
c:\users\sonny\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\sonny\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\sonny\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\sonny\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\sonny\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\sonny\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\sonny\AppData\Local\Minibar\chrome\main.js
c:\users\sonny\AppData\Local\Minibar\chrome\manifest.json
c:\users\sonny\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\sonny\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\sonny\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\sonny\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\sonny\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\sonny\AppData\Local\Minibar\chrome\popup.html
c:\users\sonny\AppData\Local\Minibar\chrome\popup.js
c:\users\sonny\AppData\Local\Minibar\chrome\tab.html
c:\users\sonny\AppData\Local\Minibar\chrome\tab.js
c:\users\sonny\AppData\Local\Minibar\chrome_installer.js
c:\users\sonny\AppData\Local\Minibar\install.json
c:\users\sonny\AppData\Local\Minibar\minibar.crx
c:\users\sonny\AppData\Local\Minibar\sqlite3.exe
c:\users\sonny\AppData\Local\Minibar\Uninstall.exe
c:\users\sonny\AppData\Local\TempDIR
c:\users\sonny\AppData\Local\TempDIR\BetterInstaller.exe
c:\windows\system32\oledb.dll
c:\windows\system32\SET384E.tmp
c:\windows\system32\SET475E.tmp
c:\windows\system32\SET49A9.tmp
c:\windows\system32\SET529F.tmp
c:\windows\system32\SET5AB2.tmp
c:\windows\system32\SET5B5F.tmp
c:\windows\system32\SET9DB7.tmp
c:\windows\system32\SET9E35.tmp
c:\windows\system32\SET9EB3.tmp
c:\windows\system32\SET9FAB.tmp
c:\windows\system32\SETD810.tmp
c:\windows\system32\suf1B91.tmp
c:\windows\system32\suf1C4D.tmp
c:\windows\system32\Thumbs.db
c:\windows\system32\uxtEB18.tmp
Q:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-24 do 2011-12-24 )))))))))))))))))))))))))))))))
.
.
2011-12-24 11:26 . 2011-12-24 11:28 -------- d-----w- c:\program files\CCleaner
2011-12-22 15:59 . 2011-12-22 16:13 -------- d-----w- c:\windows\system32\Taskman
2011-12-22 15:43 . 2011-12-22 16:16 -------- d-----w- c:\program files\7tsp
2011-12-22 10:32 . 2011-12-22 10:32 -------- d-----w- c:\users\sonny\AppData\Roaming\Update
2011-12-20 10:37 . 2011-12-20 10:38 -------- d-----w- c:\program files\WinRoll
2011-12-19 19:57 . 2011-12-19 19:57 -------- d-----w- c:\users\sonny\.pdfsam
2011-12-19 19:43 . 2011-12-19 19:43 -------- d-----w- c:\program files\pdfsam
2011-12-19 15:10 . 2010-11-20 03:17 288256 ----a-w- c:\windows\system32\eudcedit.exe
2011-12-19 15:09 . 2010-11-20 03:18 484864 ----a-w- c:\windows\system32\DeviceCenter.dll
2011-12-19 15:08 . 2011-10-12 17:14 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2011-12-17 19:16 . 2011-12-17 19:16 -------- d-----w- c:\program files\Livestation
2011-12-15 08:41 . 2011-12-15 08:41 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-14 08:08 . 2011-12-14 08:08 -------- d-----w- c:\users\sonny\AppData\Local\Blue_Onion_Software
2011-12-14 01:28 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 01:26 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 01:26 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 01:26 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 01:26 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 01:26 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2011-12-13 18:13 . 2011-09-30 17:16 296112 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-12-13 18:13 . 2011-09-30 17:15 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-12-13 18:13 . 2011-09-30 17:15 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-12-13 18:13 . 2011-09-30 17:15 222504 ----a-w- c:\windows\system32\SynCtrl.dll
2011-12-13 18:13 . 2011-09-14 17:11 1048576 ----a-w- c:\windows\system32\syndata.bin
2011-12-10 23:53 . 2011-10-12 17:14 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-12-10 23:53 . 2011-10-12 17:14 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-12-10 23:53 . 2011-12-10 23:53 -------- d-----w- c:\program files\TuneUp Utilities 2012
2011-12-10 23:33 . 2011-12-10 23:33 0 ----a-w- c:\windows\system32\uxtD067.tmp
2011-12-10 23:31 . 2011-12-10 23:31 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2011-12-10 10:33 . 2009-12-31 20:36 484319 ----a-w- c:\users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programy\Startup\Full glass.exe
2011-12-10 10:33 . 2009-12-31 20:36 484319 ----a-w- c:\users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Full glass.exe
2011-12-10 10:10 . 2011-12-10 10:10 -------- d-----w- c:\users\sonny\AppData\Local\Secunia PSI
2011-12-10 10:10 . 2011-12-10 10:10 -------- d-----w- c:\program files\Secunia
2011-12-08 20:43 . 2011-12-08 20:43 -------- d-----w- C:\AuthLog
2011-12-07 12:46 . 2010-11-20 03:21 1072640 ----a-w- c:\windows\system32\zipfldr.dll
2011-12-04 14:18 . 2011-12-04 14:18 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2011-12-04 14:17 . 1999-04-12 23:00 415504 ----a-w- c:\windows\system32\msrepl35.dll
2011-12-04 14:17 . 1999-04-12 23:00 1046288 ----a-w- c:\windows\system32\msjet35.dll
2011-12-04 14:17 . 1998-05-01 20:01 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-12-04 14:17 . 1998-05-01 20:01 287504 ----a-w- c:\windows\system32\msxbse35.dll
2011-12-04 14:17 . 1998-05-01 20:01 252176 ----a-w- c:\windows\system32\msrd2x35.dll
2011-12-04 14:17 . 1998-05-01 20:01 250128 ----a-w- c:\windows\system32\msexcl35.dll
2011-12-04 14:17 . 1998-05-01 20:01 24848 ----a-w- c:\windows\system32\msjter35.dll
2011-12-04 14:17 . 1998-05-01 20:01 165648 ----a-w- c:\windows\system32\mstext35.dll
2011-12-04 14:17 . 1998-05-01 20:01 123664 ----a-w- c:\windows\system32\Msjint35.dll
2011-12-04 14:17 . 2011-12-04 14:18 -------- d-----w- c:\program files\STORMWARE
2011-12-03 08:04 . 2011-12-03 08:04 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-11-30 17:42 . 2011-12-14 09:29 -------- d-----w- c:\program files\Skin Pack
2011-11-30 17:40 . 2011-11-30 17:40 1509 ----a-w- C:\user.js
2011-11-30 17:39 . 2011-11-30 17:39 -------- d-----w- c:\users\sonny\AppData\Roaming\Babylon
2011-11-30 17:39 . 2011-11-30 17:39 -------- d-----w- c:\users\sonny\AppData\Local\Babylon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-17 19:17 . 2011-06-09 00:59 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-17 19:17 . 2011-06-09 00:59 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-17 21:00 . 2011-05-23 06:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-13 15:09 . 2011-11-13 15:09 32824 ----a-w- c:\windows\system32\drivers\psadd.sys
2011-10-19 21:15 . 2011-11-16 15:47 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-10-03 04:06 . 2011-03-24 23:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-30 17:15 . 2011-03-25 00:45 177448 ----a-w- c:\windows\system32\SynCOM.dll
2011-09-29 16:03 . 2011-11-09 03:44 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.20910] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16768] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7601.21669] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . 6A9FE1FD8B09A35CFA10FCE33D37F1F8 . 2860544 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.20563] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16450] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.20500] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16404] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeXuS-Ultimate"="c:\program files\Winstep\Nexus-Ultimate.exe" [2011-10-11 14558848]
"Akamai NetSession Interface"="c:\users\sonny\appdata\local\akamai\netsession_win.exe" [2011-11-14 3303000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\lenovo fingerprint software\fpapp.exe \s" [X]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-05-10 1258856]
"GrooveMonitor"="c:\program files\microsoft office\office12\groovemonitor.exe" [2009-02-26 30040]
"SwitchBoard"="c:\program files\common files\adobe\switchboard\switchboard.exe" [2010-02-19 517096]
"AdobeAAMUpdater-1.0"="c:\program files\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" [2011-03-15 499608]
"cssauth"="c:\program files\lenovo\client security solution\cssauth.exe" [2011-06-10 3110200]
"SynTPEnh"="c:\program files\synaptics\syntp\syntpenh.exe" [2011-09-30 2295080]
"Launch Backup Service Once"="c:\program files\lenovo\rescue and recovery\rrstrigger.exe" [2011-01-10 70456]
.
c:\users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Full glass.exe [2009-12-31 484319]
mxClock.exe [2006-10-12 720482]
NeXuS Ultimate.lnk - c:\program files\Winstep\Nexus-Ultimate.exe [2011-10-17 14558848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-11-24 836896]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxClock]
2006-10-12 12:19 720482 ----a-w- c:\users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mxClock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeXuS-Ultimate]
2011-10-11 16:31 14558848 ----a-w- c:\program files\Winstep\Nexus-Ultimate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
2011-06-30 11:35 1363984 ------w- c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\sonny\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Message Center Plus"=c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe /start
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"UX Launcher"=c:\windows\system32\uxlaunch.exe
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"IAStorIcon"=c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"LenVolFx"=LenVolEx.exe
"LENOVO.TPKNRRES"=c:\program files\Lenovo\Communications Utility\TPKNRRES.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"RotateImage"=c:\program files\RotateImage\RCIMGDIR.exe
"PWMTRV"=rundll32 c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"SmartAudio"=c:\program files\CONEXANT\SAII\SAIICpl.exe /t
"FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe" \s
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" silent
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-25 136176]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-05-10 148840]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496]
R3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 243712]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2000-01-01 300584]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 33320]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-05-10 292200]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-25 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-27 9216]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PCDSRVC{3037D694-FD904ACA-06020101}_0;PCDSRVC{3037D694-FD904ACA-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-03-31 21744]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-05-10 83304]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-09-21 11232]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-24 1343400]
R4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-03-06 356352]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-05-10 25968]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-09-01 752128]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-03-29 20592]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-09-01 3246040]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-25 176128]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2011-06-24 123120]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 948736]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-10-21 1824064]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 102672]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-10-21 98304]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-30 41320]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-30 65896]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2011-10-12 1479488]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-03-06 1372160]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 187776]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-09-01 167968]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-25 6574080]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-25 229888]
S3 AMPPAL;Virtu?ln? adapt?r Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 243712]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-10-21 659968]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2009-12-22 56832]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2010-04-07 223960]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2010-08-26 9024512]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 NETwNs32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-08-03 7517696]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2011-09-22 10064]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-22 09:51]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-22 09:51]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2068726861-1485648091-2899891192-1003Core.job
- c:\users\sonny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 16:23]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2068726861-1485648091-2899891192-1003UA.job
- c:\users\sonny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 16:23]
.
2011-12-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
2011-08-20 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://financnik.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: Přidat do Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5440)
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcCryptHlpr.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\Lenovo\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Common Files\Acronis\Plán2\schedul2.exe
c:\program files\Lenovo\Bluetooth Software\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\windows\system32\taskhost.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Celkový čas: 2011-12-24 15:35:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-12-24 14:35
.
Před spuštěním: 7 878 037 504
Po spuštění: 7 592 448 000
.
- - End Of File - - BDBDF90706C57813413FD49F4D03BA2E

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Request for a check

#6 Post by Roli »

sonny2829 wrote: I turned KIS off from the taskbar, but Combo reported it as active, so I don't know
That's fine.
sonny2829 wrote: Why did you want to uninstall the programs from IQ?
Because IObit's products are worthless.


If you haven't done so already, move Combofix to the desktop

open Notepad

copy the script from the following box into it:

Code: Select all

Folder::
c:\users\sonny\AppData\Roaming\Babylon
c:\users\sonny\AppData\Local\Babylon

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
save the TXT file you created as CFScript.txt on the desktop,

after saving, grab the created script with the left mouse button and drag it over the Combofix icon, where you drop it.

After it has been applied, another log will pop out; copy it here

Warning: it may happen that after applying the script and restarting, Windows will not boot,

in that case restart again while pressing F8, then choose Last Known Good Configuration
| Rsit | Mbam | AVPTool | Cure It |

I rest at weekends :all_coholic:

sonny2829
Visitor
Posts: 35
Joined: 31 Mar 2008 20:12

Re: Request for a check

#7 Post by sonny2829 »

ComboFix 11-12-24.10 - sonny 25.12.2011 10:47:24.5.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2520.1655 [GMT 1:00]
Spuštěný z: c:\users\sonny\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\sonny\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\sonny\AppData\Local\Babylon
c:\users\sonny\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\sonny\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\sonny\AppData\Local\Babylon\Setup\BabylonTBUpdater.dll
c:\users\sonny\AppData\Local\Babylon\Setup\BabylonTBUpdater.exe
c:\users\sonny\AppData\Local\Babylon\Setup\HtmlScreens\common.js
c:\users\sonny\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\sonny\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\sonny\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\sonny\AppData\Local\Babylon\Setup\HtmlScreens\page2.js
c:\users\sonny\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\sonny\AppData\Local\Babylon\Setup\HtmlScreens\page9.html
c:\users\sonny\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\sonny\AppData\Local\Babylon\Setup\HtmlScreens\Thumbs.db
c:\users\sonny\AppData\Local\Babylon\Setup\HtmlScreens\title2.png
c:\users\sonny\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\sonny\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.12.zpb
c:\users\sonny\AppData\Local\Babylon\Setup\Setup.exe
c:\users\sonny\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\sonny\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\sonny\AppData\Roaming\Babylon
c:\users\sonny\AppData\Roaming\Babylon\log_file.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-11-25 do 2011-12-25 )))))))))))))))))))))))))))))))
.
.
2011-12-25 09:54 . 2011-12-25 09:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-25 09:54 . 2011-12-25 09:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-12-24 11:26 . 2011-12-24 11:28 -------- d-----w- c:\program files\CCleaner
2011-12-22 15:59 . 2011-12-22 16:13 -------- d-----w- c:\windows\system32\Taskman
2011-12-22 15:43 . 2011-12-22 16:16 -------- d-----w- c:\program files\7tsp
2011-12-22 10:32 . 2011-12-22 10:32 -------- d-----w- c:\users\sonny\AppData\Roaming\Update
2011-12-20 10:37 . 2011-12-20 10:38 -------- d-----w- c:\program files\WinRoll
2011-12-19 19:57 . 2011-12-19 19:57 -------- d-----w- c:\users\sonny\.pdfsam
2011-12-19 19:43 . 2011-12-19 19:43 -------- d-----w- c:\program files\pdfsam
2011-12-19 15:10 . 2010-11-20 03:17 288256 ----a-w- c:\windows\system32\eudcedit.exe
2011-12-19 15:09 . 2010-11-20 03:18 484864 ----a-w- c:\windows\system32\DeviceCenter.dll
2011-12-19 15:08 . 2011-10-12 17:14 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2011-12-17 19:16 . 2011-12-17 19:16 -------- d-----w- c:\program files\Livestation
2011-12-15 08:41 . 2011-12-15 08:41 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-14 08:08 . 2011-12-14 08:08 -------- d-----w- c:\users\sonny\AppData\Local\Blue_Onion_Software
2011-12-14 01:28 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 01:26 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 01:26 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 01:26 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 01:26 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 01:26 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2011-12-13 18:13 . 2011-09-30 17:16 296112 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-12-13 18:13 . 2011-09-30 17:15 173352 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-12-13 18:13 . 2011-09-30 17:15 120104 ----a-w- c:\windows\system32\SynTPCo9.dll
2011-12-13 18:13 . 2011-09-30 17:15 222504 ----a-w- c:\windows\system32\SynCtrl.dll
2011-12-13 18:13 . 2011-09-14 17:11 1048576 ----a-w- c:\windows\system32\syndata.bin
2011-12-10 23:53 . 2011-10-12 17:14 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-12-10 23:53 . 2011-10-12 17:14 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-12-10 23:53 . 2011-12-10 23:53 -------- d-----w- c:\program files\TuneUp Utilities 2012
2011-12-10 23:33 . 2011-12-10 23:33 0 ----a-w- c:\windows\system32\uxtD067.tmp
2011-12-10 23:31 . 2011-12-10 23:31 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2011-12-10 10:33 . 2009-12-31 20:36 484319 ----a-w- c:\users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programy\Startup\Full glass.exe
2011-12-10 10:33 . 2009-12-31 20:36 484319 ----a-w- c:\users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Full glass.exe
2011-12-10 10:10 . 2011-12-10 10:10 -------- d-----w- c:\users\sonny\AppData\Local\Secunia PSI
2011-12-10 10:10 . 2011-12-10 10:10 -------- d-----w- c:\program files\Secunia
2011-12-08 20:43 . 2011-12-08 20:43 -------- d-----w- C:\AuthLog
2011-12-07 12:46 . 2010-11-20 03:21 1072640 ----a-w- c:\windows\system32\zipfldr.dll
2011-12-04 14:18 . 2011-12-04 14:18 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2011-12-04 14:17 . 1999-04-12 23:00 415504 ----a-w- c:\windows\system32\msrepl35.dll
2011-12-04 14:17 . 1999-04-12 23:00 1046288 ----a-w- c:\windows\system32\msjet35.dll
2011-12-04 14:17 . 1998-05-01 20:01 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-12-04 14:17 . 1998-05-01 20:01 287504 ----a-w- c:\windows\system32\msxbse35.dll
2011-12-04 14:17 . 1998-05-01 20:01 252176 ----a-w- c:\windows\system32\msrd2x35.dll
2011-12-04 14:17 . 1998-05-01 20:01 250128 ----a-w- c:\windows\system32\msexcl35.dll
2011-12-04 14:17 . 1998-05-01 20:01 24848 ----a-w- c:\windows\system32\msjter35.dll
2011-12-04 14:17 . 1998-05-01 20:01 165648 ----a-w- c:\windows\system32\mstext35.dll
2011-12-04 14:17 . 1998-05-01 20:01 123664 ----a-w- c:\windows\system32\Msjint35.dll
2011-12-04 14:17 . 2011-12-04 14:18 -------- d-----w- c:\program files\STORMWARE
2011-12-03 08:04 . 2011-12-03 08:04 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-11-30 17:42 . 2011-12-14 09:29 -------- d-----w- c:\program files\Skin Pack
2011-11-30 17:40 . 2011-11-30 17:40 1509 ----a-w- C:\user.js
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-17 19:17 . 2011-06-09 00:59 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-17 19:17 . 2011-06-09 00:59 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-17 21:00 . 2011-05-23 06:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-13 15:09 . 2011-11-13 15:09 32824 ----a-w- c:\windows\system32\drivers\psadd.sys
2011-10-19 21:15 . 2011-11-16 15:47 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-10-03 04:06 . 2011-03-24 23:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-30 17:15 . 2011-03-25 00:45 177448 ----a-w- c:\windows\system32\SynCOM.dll
2011-09-29 16:03 . 2011-11-09 03:44 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.20910] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16768] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7601.21669] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[-] 2011-02-25 . 6A9FE1FD8B09A35CFA10FCE33D37F1F8 . 2860544 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.20563] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16450] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.20500] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16404] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeXuS-Ultimate"="c:\program files\Winstep\Nexus-Ultimate.exe" [2011-10-11 14558848]
"Akamai NetSession Interface"="c:\users\sonny\AppData\Local\Akamai\netsession_win.exe" [2011-12-12 3305760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\lenovo fingerprint software\fpapp.exe \s" [X]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-05-10 1258856]
"GrooveMonitor"="c:\program files\microsoft office\office12\groovemonitor.exe" [2009-02-26 30040]
"SwitchBoard"="c:\program files\common files\adobe\switchboard\switchboard.exe" [2010-02-19 517096]
"AdobeAAMUpdater-1.0"="c:\program files\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe" [2011-03-15 499608]
"cssauth"="c:\program files\lenovo\client security solution\cssauth.exe" [2011-06-10 3110200]
"SynTPEnh"="c:\program files\synaptics\syntp\syntpenh.exe" [2011-09-30 2295080]
"Launch Backup Service Once"="c:\program files\lenovo\rescue and recovery\rrstrigger.exe" [2011-01-10 70456]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
c:\users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Full glass.exe [2009-12-31 484319]
mxClock.exe [2006-10-12 720482]
NeXuS Ultimate.lnk - c:\program files\Winstep\Nexus-Ultimate.exe [2011-10-17 14558848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-11-24 836896]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxClock]
2006-10-12 12:19 720482 ----a-w- c:\users\sonny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mxClock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeXuS-Ultimate]
2011-10-11 16:31 14558848 ----a-w- c:\program files\Winstep\Nexus-Ultimate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-Mobile Communication Centre]
2011-06-30 11:35 1363984 ------w- c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\sonny\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Message Center Plus"=c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe /start
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"UX Launcher"=c:\windows\system32\uxlaunch.exe
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"IAStorIcon"=c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"LenVolFx"=LenVolEx.exe
"LENOVO.TPKNRRES"=c:\program files\Lenovo\Communications Utility\TPKNRRES.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"RotateImage"=c:\program files\RotateImage\RCIMGDIR.exe
"PWMTRV"=rundll32 c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"SmartAudio"=c:\program files\CONEXANT\SAII\SAIICpl.exe /t
"FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe" \s
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" silent
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-25 136176]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-05-10 148840]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 106496]
R3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 243712]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-05-10 292200]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-25 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-27 9216]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PCDSRVC{3037D694-FD904ACA-06020101}_0;PCDSRVC{3037D694-FD904ACA-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-03-31 21744]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-05-10 83304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-09-21 11232]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 104752]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-24 1343400]
R4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-03-06 356352]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-05-10 25968]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-09-01 752128]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-03-29 20592]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-09-01 3246040]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-25 176128]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2011-06-24 123120]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 948736]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-10-21 1824064]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 102672]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-10-21 98304]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-30 41320]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-30 65896]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2011-10-12 1479488]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-03-06 1372160]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 187776]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-09-01 167968]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-25 6574080]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-25 229888]
S3 AMPPAL;Virtu?ln? adapt?r Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 243712]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-10-21 659968]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2009-12-22 56832]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2000-01-01 300584]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 33320]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2010-04-07 223960]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2010-08-26 9024512]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 NETwNs32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-08-03 7517696]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2011-09-22 10064]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-22 09:51]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-22 09:51]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2068726861-1485648091-2899891192-1003Core.job
- c:\users\sonny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 16:23]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2068726861-1485648091-2899891192-1003UA.job
- c:\users\sonny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 16:23]
.
2011-12-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
2011-08-20 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://financnik.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 192.168.1.1
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
Celkový čas: 2011-12-25 10:56:02
ComboFix-quarantined-files.txt 2011-12-25 09:56
ComboFix2.txt 2011-12-24 14:35
.
Před spuštěním: 7 545 430 016
Po spuštění: 7 496 159 232
.
- - End Of File - - 4CF20EB73424389F489ACCE091367FEB

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Request for a check

#8 Post by Roli »

Via Start >> Run, copy this into the box:

ComboFix /Uninstall

and press Enter

This uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop your antivirus before downloading it and while using it, because the antivirus may detect it as a virus, but that is not the case.


Then let me know what state the PC is in.

sonny2829
Visitor
Posts: 35
Joined: 31 Mar 2008 20:12

Re: Request for a check

#9 Post by sonny2829 »

Thanks for the help,
since the last ComboFix scan the spam mail has stopped. I'll see in time

Thanks once again

Sonny

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Request for a check

#10 Post by Roli »

You're welcome.

sonny2829
Visitor
Posts: 35
Joined: 31 Mar 2008 20:12

Re: Request for a check

#11 Post by sonny2829 »

so it's going again

undeliverable, marked as spam

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Request for a check

#12 Post by Roli »

Run the Cure It scanner according to THIS guide

when the scan finishes I want the results here.

(Warning: it is perversely slow and you need to keep an eye on it; now and then it asks about something)

sonny2829
Visitor
Posts: 35
Joined: 31 Mar 2008 20:12

Re: Request for a check

#13 Post by sonny2829 »

CureIt.7z
(701.08 KiB) Downloaded 43 times
the log is 10MB,

it found one trojan, deleted, otherwise nothing

I'm adding it as an attachment

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Request for a check

#14 Post by Roli »

Great, so watch it for a while and let me know whether things have calmed down.

sonny2829
Visitor
Posts: 35
Joined: 31 Mar 2008 20:12

Re: Request for a check

#15 Post by sonny2829 »

So far it looks OK, I changed the password on the account, the spam has stopped


but this has appeared:
in the KIS Proactive Defense report, a message about the detection of suspicious application behaviour keeps repeating:

9F9F7_XP.EXE
detected as PDM.Hidden object


I don't know what application this is, I can't find it, nor am I aware of having installed anything like that
