
Humbly asking for a log check - possibility of PC "eavesdropping"

petricius
Visitor
Posts: 9
Registered: 06 May 2012 22:50

#1 Post by petricius »

Hello, although I have a genuine antivirus and it does not seem that I have any problems with the PC, I am asking for a check of my log. The reason is that I suspect someone may have gotten some software onto my PC that monitors my activity. More information about me than is normal has started to appear in various circles, and some of it may originate primarily from the PC. Thanks a lot for checking the log and for any further comments. I am posting logs from both RSIT and Hijack.

RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by petr at 2012-05-07 00:14:29
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 90 GB (31%) free of 294 GB
Total RAM: 8075 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:14:31, on 7.5.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Users\petr\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Gajim\bin\gajim.exe
C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\trend micro\petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.229.50.4:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [SafeQ Client] "C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [svcdotnet] C:\Windows\svcdotnet\svcdotnet.exe
O4 - HKLM\..\Run: [hostsvr] C:\Windows\hostsvr\hostsvr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe /trayicon
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\petr\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = petr\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Facebook Messenger.lnk = petr\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe
O4 - Startup: Gajim.lnk = C:\Program Files (x86)\Gajim\bin\gajim.exe
O4 - Startup: Samsung Auto Backup Guage.lnk = ?
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?
O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: PHOTOfunSTUDIO 5.1 HD Edition.lnk = C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\petr\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Screen Reading Optimizer Service Program (SROSVC) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WebDrive Service (WebDriveService) - South River Technologies, LLC - C:\Program Files\WebDrive\wdService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16527 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 27152736
\??\C:\Windows\system32\conhost.exe "-1969835509-2024958120337272389-1611849747-151059574426100388710575431402116196383
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Windows\SysWOW64\bgsvcgen.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe"
C:\Windows\system32\CxAudMsg64.exe
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe"
"C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe"
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe"
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Users\petr\Forefront UAG Remote Access Agent\uos-portalsalfordacuk\uosportal1\uagqecsvc.exe"
"C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"
"C:\Program Files\WebDrive\wdService.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2596
C:\Windows\system32\svchost.exe -k bthsvcs
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\rundll32.exe "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.FullScreenMagnifier
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
"taskhost.exe"
taskeng.exe {8863AB85-40BB-4721-B23D-0FFE0E19D842}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxext.exe -Embedding
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\TpShocks.exe"
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe"
"C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"C:\Program Files\WebDrive\WebDrive.exe" /trayicon
"C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\\SRORest.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
"C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
"C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
"C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe" -e "C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO 5.1 HD\PHOTOfunSTUDIO.exe"
"C:\Users\petr\AppData\Roaming\Dropbox\bin\Dropbox.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files (x86)\Gajim\bin\gajim.exe"
"C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFGuage.exe"
"C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFRealTimeD.exe"
"C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFTimerD.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
"C:\Windows\SysWOW64\RunDll32.exe" "C:\Program Files\ThinkPad\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Lenovo\System Update\SUService.exe"
"C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" /start
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=6096.13cb0f30.1272609589 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 6096 "\\.\pipe\gecko-crash-server-pipe.6096" plugin
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=6096.13e36f10.1681447618 "C:\Users\petr\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 6096 "\\.\pipe\gecko-crash-server-pipe.6096" plugin
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=6096.13c79890.1727769197 "C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 6096 "\\.\pipe\gecko-crash-server-pipe.6096" plugin
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
{F8BB651A-98CD-485D-BC68-DAADA0C0DB5D}
{A3086C7D-D74A-4273-9EB0-9C144777A8BE}
{C1AA55BD-4A56-4A64-BAA2-FBCCE22BDF9F}
"C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE"
C:\Windows\splwow64.exe 8192
"C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe"
"C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe"
"C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -restart
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\petr\Downloads\hijackthis.log
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\petr\Downloads\hijackthis.log
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
taskeng.exe {60BE5318-3A64-42C5-A1B8-FA707F8BAD95}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe22_ Global\UsGthrCtrlFltPipeMssGthrPipe22 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\petr\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1115610728-776513635-1968080765-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1115610728-776513635-1968080765-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\SystemToolsDailyTest.job

=========Mozilla firefox=========

ProfilePath - C:\Users\petr\AppData\Roaming\Mozilla\Firefox\Profiles\dpqk81lb.default

prefs.js - "browser.search.useDBForOrder" - true

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198]
"Description"=15.0.0.198
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nppl3260.xpt
nprjplug.dll
nprpjplug.dll
nsjsrealplayerplugin.xpt
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Users\petr\AppData\Roaming\Mozilla\Firefox\Profiles\dpqk81lb.default\extensions\
cs@dictionaries.addons.mozilla.org
en-GB@dictionaries.addons.mozilla.org
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

C:\Users\petr\AppData\Roaming\Mozilla\Firefox\Profiles\dpqk81lb.default\searchplugins\
google-images.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-12-08 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-06 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-06 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-12-23 2868496]
"TpShocks"=C:\Windows\SYSTEM32\TpShocks.exe [2011-03-29 380776]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2012-01-16 44096]
"ALCKRESI.EXE"=C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2011-09-27 386408]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-12-14 316032]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-01-24 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-01-24 392984]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-01-24 417560]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 4035152]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 1271168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2011-06-16 1500160]
"WebDriveTray"=C:\Program Files\WebDrive\webdrive.exe [2011-09-09 2716248]
"Facebook Update"=C:\Users\petr\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-13 137536]
"KiesHelper"=C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2012-03-31 954256]
"KiesPDLR"=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2012-03-31 21392]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-02-29 17148552]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2011-01-17 112152]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-30 55808]
"SafeQ Client"=C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe [2010-03-31 249856]
"TkBellExe"=c:\program files (x86)\real\realplayer\Update\realsched.exe [2011-12-08 296056]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"UVS10 Preload"=C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [2006-08-09 36864]
"svcdotnet"=C:\Windows\svcdotnet\svcdotnet.exe []
"hostsvr"=C:\Windows\hostsvr\hostsvr.exe []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2012-03-31 3521424]
"Trend Micro RUBotted V2.0 Beta"=C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [2010-12-17 1103184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PHOTOfunSTUDIO 5.1 HD Edition.lnk - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe

C:\Users\petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\petr\AppData\Roaming\Dropbox\bin\Dropbox.exe
Facebook Messenger.lnk - C:\Users\petr\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe
Gajim.lnk - C:\Program Files (x86)\Gajim\bin\gajim.exe
Samsung Auto Backup Guage.lnk - C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFGuage.exe
Samsung Auto Backup Real-Time Daemon.lnk - C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
Samsung Auto Backup Scheduler.lnk - C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFTimerD.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\SYSTEM32\igfxdev.dll [2012-01-10 390656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2012-05-07 00:14:29 ----D---- C:\rsit
2012-05-07 00:14:29 ----D---- C:\Program Files\trend micro
2012-05-06 23:40:54 ----D---- C:\ProgramData\Trend Micro
2012-05-06 23:27:58 ----A---- C:\Windows\SYSWOW64\drivers\tmcomm.sys
2012-05-06 23:27:08 ----D---- C:\Program Files (x86)\WinPcap
2012-05-06 23:26:48 ----D---- C:\Program Files (x86)\Trend Micro
2012-04-25 20:36:34 ----D---- C:\Program Files (x86)\Microsoft Security Client
2012-04-24 23:43:56 ----A---- C:\Windows\system32\drivers\usbport.sys
2012-04-24 23:43:56 ----A---- C:\Windows\system32\drivers\usbd.sys
2012-04-24 23:43:56 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2012-04-24 23:43:55 ----A---- C:\Windows\system32\drivers\usbhub.sys
2012-04-24 23:43:55 ----A---- C:\Windows\system32\drivers\usbehci.sys
2012-04-19 00:19:35 ----D---- C:\Users\petr\AppData\Roaming\Temp
2012-04-18 23:10:56 ----A---- C:\Windows\SYSWOW64\DBCLIENT.DLL
2012-04-18 23:10:54 ----D---- C:\Program Files\Common Files\Borland Shared
2012-04-18 23:09:53 ----D---- C:\Program Files (x86)\IN MEDIA KG - CSV-Editor
2012-04-18 14:54:03 ----D---- C:\Users\petr\AppData\Roaming\Samsung
2012-04-18 14:51:19 ----A---- C:\Windows\system32\WdfCoInstaller01005.dll
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\WdfCoInstaller01005.dll
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\ssadwhnt.sys
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\ssadwh.sys
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\ssadmdm.sys
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\ssadmdfl.sys
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\ssadcmnt.sys
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\ssadcm.sys
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\ssadbus.sys
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\ssadadb.sys
2012-04-18 14:51:18 ----A---- C:\Windows\system32\drivers\ssadserd.sys
2012-04-18 14:50:51 ----A---- C:\Windows\system32\drivers\sscdwhnt.sys
2012-04-18 14:50:51 ----A---- C:\Windows\system32\drivers\sscdwh.sys
2012-04-18 14:50:51 ----A---- C:\Windows\system32\drivers\sscdmdm.sys
2012-04-18 14:50:51 ----A---- C:\Windows\system32\drivers\sscdmdfl.sys
2012-04-18 14:50:51 ----A---- C:\Windows\system32\drivers\sscdcmnt.sys
2012-04-18 14:50:51 ----A---- C:\Windows\system32\drivers\sscdcm.sys
2012-04-18 14:50:51 ----A---- C:\Windows\system32\drivers\sscdbus.sys
2012-04-18 14:49:52 ----A---- C:\Windows\SYSWOW64\Redemption.dll
2012-04-18 14:49:41 ----D---- C:\Program Files (x86)\MarkAny
2012-04-18 14:49:41 ----A---- C:\Windows\SYSWOW64\dgderapi.dll
2012-04-18 14:48:56 ----D---- C:\ProgramData\Samsung
2012-04-18 14:48:56 ----D---- C:\Program Files (x86)\Samsung
2012-04-14 18:29:05 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2012-04-13 17:02:46 ----D---- C:\ProgramData\ESET
2012-04-13 17:02:46 ----D---- C:\Program Files\ESET
2012-04-11 10:31:08 ----A---- C:\Windows\SYSWOW64\url.dll
2012-04-11 10:31:08 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-04-11 10:31:08 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-04-11 10:31:08 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-11 10:31:08 ----A---- C:\Windows\system32\jscript9.dll
2012-04-11 10:31:08 ----A---- C:\Windows\system32\iertutil.dll
2012-04-11 10:31:07 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-04-11 10:31:07 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-04-11 10:31:07 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-04-11 10:31:07 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-04-11 10:31:07 ----A---- C:\Windows\system32\urlmon.dll
2012-04-11 10:31:07 ----A---- C:\Windows\system32\url.dll
2012-04-11 10:31:07 ----A---- C:\Windows\system32\jscript.dll
2012-04-11 10:31:07 ----A---- C:\Windows\system32\ieui.dll
2012-04-11 10:31:06 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-04-11 10:31:06 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-04-11 10:31:06 ----A---- C:\Windows\system32\wininet.dll
2012-04-11 10:31:06 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-11 10:31:05 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-04-11 10:31:05 ----A---- C:\Windows\system32\mshtml.dll
2012-04-11 10:31:04 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-04-11 10:31:04 ----A---- C:\Windows\system32\ieframe.dll
2012-04-11 10:30:35 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-04-11 10:30:35 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-04-11 10:30:35 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-04-11 10:28:04 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2012-04-11 10:28:04 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-11 10:28:04 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-11 10:28:03 ----A---- C:\Windows\SYSWOW64\wmi.dll
2012-04-11 10:28:03 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-04-11 10:28:03 ----A---- C:\Windows\system32\wmi.dll
2012-04-11 10:28:03 ----A---- C:\Windows\system32\wintrust.dll
2012-04-07 16:26:05 ----D---- C:\Program Files (x86)\Evidence ZO 3.5
2012-04-06 09:57:38 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-04-06 09:22:16 ----A---- C:\Windows\system32\igfxtray.exe
2012-04-06 09:22:16 ----A---- C:\Windows\system32\igfxTMM.dll
2012-04-06 09:22:16 ----A---- C:\Windows\system32\igfxsrvc.exe
2012-04-06 09:22:16 ----A---- C:\Windows\system32\igfxCoIn_v2622.dll
2012-04-06 09:22:15 ----A---- C:\Windows\SYSWOW64\igfxexps32.dll
2012-04-06 09:22:15 ----A---- C:\Windows\SYSWOW64\igfxdv32.dll
2012-04-06 09:22:15 ----A---- C:\Windows\system32\igfxress.dll
2012-04-06 09:22:15 ----A---- C:\Windows\system32\igfxpers.exe
2012-04-06 09:22:15 ----A---- C:\Windows\system32\igfxext.exe
2012-04-06 09:22:15 ----A---- C:\Windows\system32\igfxdo.dll
2012-04-06 09:22:15 ----A---- C:\Windows\system32\IGFXDEVLib.dll
2012-04-06 09:22:15 ----A---- C:\Windows\system32\igfxdev.dll
2012-04-06 09:22:13 ----A---- C:\Windows\SYSWOW64\igdde32.dll
2012-04-06 09:22:13 ----A---- C:\Windows\system32\igdde64.dll
2012-04-06 09:22:13 ----A---- C:\Windows\system32\drivers\igdkmd64.sys
2012-04-06 09:22:12 ----A---- C:\Windows\system32\ig4icd64.dll
2012-04-06 09:22:11 ----A---- C:\Windows\SYSWOW64\ig4icd32.dll
2012-04-06 09:22:11 ----A---- C:\Windows\system32\hkcmd.exe
2012-04-06 09:22:11 ----A---- C:\Windows\system32\GfxUI.exe
2012-04-06 09:22:11 ----A---- C:\Windows\system32\gfxSrvc.dll
2012-04-06 09:22:11 ----A---- C:\Windows\system32\difx64.exe
2012-04-06 09:19:41 ----A---- C:\Windows\system32\NicInstC.dll
2012-04-06 09:19:40 ----A---- C:\Windows\system32\e1cmsg.dll
2012-04-06 09:19:40 ----A---- C:\Windows\system32\drivers\e1c62x64.sys
2012-04-06 09:19:05 ----A---- C:\Windows\SYSWOW64\SynTPEnhPS.dll
2012-04-06 09:19:05 ----A---- C:\Windows\SYSWOW64\SynTPCOM.dll
2012-04-06 09:19:05 ----A---- C:\Windows\SYSWOW64\SynCtrl.dll
2012-04-06 09:19:05 ----A---- C:\Windows\system32\SynTPCo9.dll
2012-04-06 09:19:05 ----A---- C:\Windows\system32\SynTPAPI.dll
2012-04-06 09:19:05 ----A---- C:\Windows\system32\SynCtrl.dll
2012-04-06 09:19:05 ----A---- C:\Windows\system32\drivers\SynTP.sys
2012-04-06 09:19:04 ----A---- C:\Windows\SYSWOW64\SynCOM.dll
2012-04-06 09:18:23 ----D---- C:\ProgramData\Intel
2012-04-06 09:17:40 ----D---- C:\Program Files (x86)\Cisco
2012-04-06 09:06:50 ----A---- C:\Windows\system32\drivers\psadd.sys
2012-04-06 08:56:03 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-04-06 08:56:03 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-04-06 08:56:03 ----A---- C:\Windows\SYSWOW64\java.exe
2012-04-06 08:55:53 ----D---- C:\Program Files (x86)\Java
2012-03-28 22:11:08 ----A---- C:\Windows\MusiccityDownload.exe
2012-03-28 22:11:08 ----A---- C:\Windows\MASetupCaller.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\muzwmts.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\muzapp.exe
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\muzapp.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\muzaf1.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MTXSYNCICON.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MTTELECHIP.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MSLUR71.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MSFLib.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MSCLib.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MK_Lyric.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MaXMLProto.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MASetupCleaner.exe
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MAMACExtract.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MaJGUILib.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MaDRM.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MACXMLProto.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\issacapi_se-2.3.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\issacapi_pe-2.3.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\issacapi_bs-2.3.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\cis-2.4.dll
2012-03-22 01:02:46 ----D---- C:\ProgramData\ReaConverter
2012-03-22 01:02:28 ----D---- C:\Users\petr\AppData\Roaming\RCP 6
2012-03-22 01:01:44 ----D---- C:\Program Files (x86)\ReaConverter 6.7 Standard
2012-03-16 12:01:12 ----D---- C:\ProgramData\Freemake
2012-03-16 12:00:45 ----D---- C:\Program Files (x86)\Freemake
2012-03-14 17:14:22 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-03-14 17:14:22 ----A---- C:\Windows\system32\DWrite.dll
2012-03-14 04:04:12 ----A---- C:\Windows\system32\win32k.sys
2012-03-13 19:03:49 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-03-13 19:03:48 ----A---- C:\Windows\system32\rdpwsx.dll
2012-03-13 19:03:48 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-03-13 19:03:39 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2012-03-13 19:03:39 ----A---- C:\Windows\system32\rdpcore.dll
2012-03-13 19:03:39 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-03-13 19:03:38 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-03-09 14:47:47 ----HD---- C:\ProgramData\CanonBJ
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\PICSDK2.dll
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\PICSDK.ini
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\PICSDK.dll
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\PICEntry.dll
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EpPicPrt.dll
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPrinterDB.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_PT.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_IT.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_GE.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_FR.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_ES.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_EN.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_DU.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_CF.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_BP.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPattern6.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPattern5.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPattern4.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPattern3.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPattern2.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPattern131.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPattern121.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPattern1.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPicMgr.dll
2012-02-26 02:18:24 ----D---- C:\ProgramData\Panasonic
2012-02-26 01:57:44 ----A---- C:\Windows\system32\drivers\cdrbsdrv.sys
2012-02-26 01:57:37 ----A---- C:\Windows\SYSWOW64\GenSvcInst.exe
2012-02-26 01:57:37 ----A---- C:\Windows\SYSWOW64\bgsvcgen.exe
2012-02-26 01:54:23 ----D---- C:\Program Files (x86)\Panasonic
2012-02-26 01:54:09 ----D---- C:\Program Files\Microsoft Synchronization Services
2012-02-26 01:54:09 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2012-02-26 01:54:03 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2012-02-20 18:54:32 ----D---- C:\Program Files (x86)\ABC Amber Nokia Converter
2012-02-19 23:06:02 ----D---- C:\Program Files (x86)\ESET
2012-02-18 08:41:48 ----A---- C:\Windows\system32\shell32.dll
2012-02-18 08:41:47 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-02-18 08:41:46 ----A---- C:\Windows\SYSWOW64\ntshrui.dll
2012-02-18 08:41:46 ----A---- C:\Windows\system32\ntshrui.dll
2012-02-18 08:41:43 ----A---- C:\Windows\system32\drivers\afd.sys
2012-02-18 08:41:39 ----A---- C:\Windows\SYSWOW64\msvcrt.dll
2012-02-18 08:41:39 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-17 21:07:24 ----D---- C:\Program Files (x86)\Magical Jelly Bean

======List of files/folders modified in the last 3 months======

2012-05-07 00:14:29 ----RD---- C:\Program Files
2012-05-07 00:14:24 ----D---- C:\Windows\Temp
2012-05-07 00:12:07 ----D---- C:\Users\petr\AppData\Roaming\Skype
2012-05-07 00:11:21 ----D---- C:\Windows\system32\config
2012-05-06 23:59:38 ----D---- C:\Windows\tracing
2012-05-06 23:40:54 ----HD---- C:\ProgramData
2012-05-06 23:35:20 ----D---- C:\Users\petr\AppData\Roaming\Gajim
2012-05-06 23:27:58 ----D---- C:\Windows\SYSWOW64\drivers
2012-05-06 23:27:08 ----RD---- C:\Program Files (x86)
2012-05-06 23:27:08 ----D---- C:\Windows\SysWOW64
2012-05-06 23:27:08 ----D---- C:\Windows\system32\drivers
2012-05-06 23:27:08 ----D---- C:\Windows\System32
2012-05-06 22:11:10 ----A---- C:\Windows\SYSWOW64\log.txt
2012-05-06 12:47:42 ----SHD---- C:\System Volume Information
2012-05-06 11:21:04 ----D---- C:\Users\petr\AppData\Roaming\Dropbox
2012-05-05 23:50:19 ----D---- C:\Windows\inf
2012-05-05 23:50:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-01 20:07:33 ----D---- C:\Users\petr\AppData\Roaming\uTorrent
2012-05-01 18:45:28 ----D---- C:\Users\petr\AppData\Roaming\gtk-2.0
2012-05-01 14:28:03 ----D---- C:\Windows\Prefetch
2012-04-30 19:43:41 ----D---- C:\Users\petr\AppData\Roaming\dvdcss
2012-04-30 12:36:46 ----D---- C:\ProgramData\PCDr
2012-04-28 15:03:29 ----D---- C:\Windows\system32\catroot
2012-04-25 20:36:50 ----SHD---- C:\Windows\Installer
2012-04-25 20:36:50 ----D---- C:\Program Files\Microsoft Security Client
2012-04-25 20:36:38 ----D---- C:\Windows
2012-04-25 20:36:36 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-04-25 20:35:45 ----D---- C:\Windows\system32\DriverStore
2012-04-25 15:35:36 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-04-24 23:49:01 ----D---- C:\Windows\winsxs
2012-04-24 23:39:51 ----D---- C:\Windows\system32\Tasks
2012-04-24 23:09:39 ----RD---- C:\Program Files (x86)\Skype
2012-04-24 23:09:39 ----D---- C:\Program Files (x86)\Common Files
2012-04-24 23:09:35 ----D---- C:\ProgramData\Skype
2012-04-20 19:08:17 ----D---- C:\temp
2012-04-18 23:10:54 ----D---- C:\Program Files\Common Files
2012-04-18 14:52:02 ----D---- C:\Windows\system32\catroot2
2012-04-18 14:49:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-04-14 09:46:18 ----A---- C:\Windows\system32\ricdb.ini
2012-04-11 13:51:07 ----D---- C:\Windows\Microsoft.NET
2012-04-11 13:51:06 ----RSD---- C:\Windows\assembly
2012-04-11 10:35:34 ----D---- C:\Windows\SYSWOW64\migration
2012-04-11 10:35:34 ----D---- C:\Windows\system32\migration
2012-04-11 10:35:34 ----D---- C:\Program Files\Internet Explorer
2012-04-11 10:35:34 ----D---- C:\Program Files (x86)\Internet Explorer
2012-04-11 10:31:44 ----D---- C:\ProgramData\Microsoft Help
2012-04-11 10:28:13 ----A---- C:\Windows\system32\MRT.exe
2012-04-09 17:55:53 ----D---- C:\Windows\system32\NDF
2012-04-06 09:57:38 ----D---- C:\Windows\Tasks
2012-04-06 09:21:38 ----RSD---- C:\Windows\Media
2012-04-06 09:20:22 ----D---- C:\Windows\Downloaded Installations
2012-04-06 09:17:40 ----D---- C:\Program Files\Intel
2012-04-06 09:07:00 ----D---- C:\Program Files (x86)\Lenovo
2012-04-06 08:55:54 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-03-16 11:49:46 ----D---- C:\Users\petr\AppData\Roaming\Real
2012-03-01 16:42:02 ----D---- C:\Users\petr\AppData\Roaming\PC Suite
2012-03-01 16:35:03 ----D---- C:\Users\petr\AppData\Roaming\Nokia
2012-02-28 12:53:06 ----RSD---- C:\Windows\Fonts
2012-02-27 14:00:06 ----DC---- C:\Windows\system32\DRVSTORE
2012-02-27 13:59:59 ----D---- C:\Users\petr\AppData\Roaming\COMODO
2012-02-26 02:22:33 ----D---- C:\ProgramData\InstallShield
2012-02-26 01:54:02 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-02-19 04:37:47 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-02-08 11:56:04 ----SD---- C:\Users\petr\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DzHDD64;DzHDD64; C:\Windows\System32\DRIVERS\DzHDD64.sys [2012-01-23 31344]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-05 438808]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-03-20 203888]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-03-29 139888]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-03-29 23664]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2012-01-23 14960]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 47632]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-04 166016]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2011-10-17 437288]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-10-17 146984]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2011-10-17 164392]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-10-17 39976]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2011-10-17 21544]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2011-10-03 1577088]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2012-01-11 360624]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2011-08-11 39024]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-10 12311904]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-10-31 8615936]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2011-12-27 40248]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-12-23 412432]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol; C:\Windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2010-12-21 36328]
S3 ATP;Comodo Unite Miniport Driver; C:\Windows\system32\DRIVERS\cmdatp.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-05-18 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-05-18 27136]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [2011-08-17 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pmxdrv;pmxdrv; \??\C:\Windows\system32\drivers\pmxdrv.sys [2011-06-13 31152]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2010-12-21 136264]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2010-12-21 19016]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2010-12-21 172104]
S3 StkCMini;Syntek AVStream USB2.0 ATV; C:\Windows\System32\Drivers\StkCMini.sys [2010-04-16 1816968]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-05-18 9216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-05-18 9216]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\SysWOW64\bgsvcgen.exe [2007-06-15 145504]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2011-10-17 970016]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-17 198784]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-11-01 1518352]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2011-08-11 45928]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2012-01-16 43584]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-01-16 62016]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-01-17 326168]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 12600]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-11-01 844560]
R2 RUBotSrv;Trend Micro RUBotted Service; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 SROSVC;Screen Reading Optimizer Service Program; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-01 446800]
R2 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2012-03-16 34104]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client; C:\Users\petr\Forefront UAG Remote Access Agent\uos-portalsalfordacuk\uosportal1\uagqecsvc.exe [2011-10-20 149904]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-09-28 49152]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15 136176]
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-11-18 144448]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 DozeSvc;Lenovo Doze Mode Service; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-01-23 478056]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15 136176]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-23 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-23 175168]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-03-29 47728]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-25 1255736]

-----------------EOF-----------------

Mc_Murphy
VIP in memoriam
Posts: 6706
Joined: 03 Nov 2008 15:55
Location: Plzeň [ZČ]

Re: begging for a log check - possibility of PC "eavesdropping"

#2 Post by Mc_Murphy »

Greetings. :162:

Hang on a minute, the log is being worked on intensively.

  • ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
    • You gave me love, I've found my identity, found my identity.

    I'm moving on, I'm moving on, I'm moving on by the Spirit.
    • You gave me hope, I've found my identity in Christ...

Mc_Murphy
VIP in memoriam
Posts: 6706
Joined: 03 Nov 2008 15:55
Location: Plzeň [ZČ]

Re: begging for a log check - possibility of PC "eavesdropping"

#3 Post by Mc_Murphy »

:arrow: I dare say your suspicions have not turned out to be schizophrenic, because in my opinion you really do have a so-called KeyLogger there. That is a small program for recording pressed keys. After the PC is cleaned, it will be absolutely necessary to change all the passwords you use on the PC!
The culprit is this file: C:\Windows\svcdotnet\svcdotnet.exe, and this one also looks suspicious to me: C:\Windows\hostsvr\hostsvr.exe; both of them are launched at system startup. Check both of them for me on the VirusTotal site.

:arrow: Test the following files on the VirusTotal site.
  • C:\Windows\svcdotnet\svcdotnet.exe
    C:\Windows\hostsvr\hostsvr.exe
  • Click [Choose File].
  • Do not browse for the file, just paste the path of the file I want tested.
  • Click [Scan it!].
  • If a screen similar to the one below pops up, click [Reanalyse]!
  • Paste the result of the analysis here (as a link).

Then we will run ComboFix on it right away.


:!: PLEASE READ THE INSTRUCTIONS THOROUGHLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE IT CAN WRECK YOUR SYSTEM :!:
:arrow: Download ComboFix and save it to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • Close all running applications - ICQ, Skype, browsers, simply all programs, so that only ComboFix is running.
  • If you have Win XP, run it under the Správce/Administrator account.
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator or Spustit jako správce.
  • Immediately after start, a page with the licence agreement is shown - continue by clicking [Ano] (Yes).
  • If ComboFix offers to install the Recovery Console, agree.
  • Then follow the instructions. During the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed!
  • The scan should take about 10 minutes, but if the PC is heavily cluttered, the time may of course be longer.
  • After the scan finishes and after a possible restart, ComboFix displays a log, which you can otherwise find in C:\ComboFix.txt. Paste its contents here.
  • A detailed procedure including pictures can be found here: http://www.bleepingcomputer.com/combofi ... t-combofix

  • ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
    • You gave me love, I've found my identity, found my identity.

    I'm moving on, I'm moving on, I'm moving on by the Spirit.
    • You gave me hope, I've found my identity in Christ...
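
The kind of check behind post #3, as an added example that is not part of the original thread or of any tool named in it: it reads service lines in the RSIT format and Run-key lines in the ComboFix format and lists auto-start entries whose binary sits in an unusual place. The two `svcdotnet`/`hostsvr` log lines are constructed (the thread gives only their paths), the allowlist of Windows subdirectories is an assumption, and a hit means "look at this one", not a verdict: vendor software such as the Forefront UAG agent is listed too.

```python
import re
from pathlib import PureWindowsPath

# Assumption: a short, illustrative allowlist of directories that normally sit
# directly under C:\Windows. Extend it for the machines you triage.
KNOWN_WINDOWS_DIRS = {"system32", "syswow64", "microsoft.net",
                      "winsxs", "servicing", "installer"}

# RSIT / ComboFix service line:  "R2 name;display name; C:\path\file.exe [date size]"
SERVICE_LINE = re.compile(
    r'^[RS][0-4] (?P<name>[^;]+);[^;]*;\s*(?P<path>.+?)\s*\[[^\]]*\]\s*$')
# ComboFix Run-key value:        "name"="c:\path\file.exe" [date size]
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[[^\]]*\]\s*$')


def classify(path):
    """Return a short reason code if the path deserves a manual look, else None."""
    p = PureWindowsPath(path)
    if not p.drive:
        # No directory given: Windows resolves the name through the search path.
        return "unqualified"
    parts = [part.lower() for part in p.parts]   # ['c:\\', 'windows', ...]
    if len(parts) >= 2 and parts[1] == "users":
        # Auto-start binary stored in a user-writable profile.
        return "user-profile"
    if len(parts) >= 4 and parts[1] == "windows" and parts[2] not in KNOWN_WINDOWS_DIRS:
        # Binary in its own folder directly under C:\Windows.
        return "windows-subdir"
    return None


def triage(log_text):
    """Return (entry name, path, reason) for every auto-start entry worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        match = SERVICE_LINE.match(line) or RUN_VALUE.match(line)
        if not match:
            continue  # headings, separators, registry key names, comments
        reason = classify(match["path"])
        if reason:
            findings.append((match["name"], match["path"], reason))
    return findings


# Sample input: the first seven entries are copied from the logs in this thread,
# the last two are constructed around the two paths named in post #3.
SAMPLE_LOG = r'''
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client; C:\Users\petr\Forefront UAG Remote Access Agent\uos-portalsalfordacuk\uosportal1\uagqecsvc.exe [2011-10-20 149904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-25 1255736]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
# constructed lines (value names, dates and sizes are made up):
"svcdotnet"="c:\windows\svcdotnet\svcdotnet.exe" [2012-01-01 0]
"hostsvr"="c:\windows\hostsvr\hostsvr.exe" [2012-01-01 0]
'''

if __name__ == "__main__":
    for name, path, reason in triage(SAMPLE_LOG):
        print(f"{reason:15} {name:12} {path}")
```
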

petricius
Visitor
Posts: 9
Joined: 06 May 2012 22:50

Re: begging for a log check - possibility of PC "eavesdropping"

#4 Post by petricius »

Mc_Murphy, thanks a lot! I owe you one.

a) Re svcdotnet.exe and hostsvr.exe... I probably no longer have either of the files on the computer. I tried entering the direct path into VirusTotal and browsing to the files, then I checked for their presence in the W7 directory both manually via Explorer (with all system, hidden, etc. files shown) and directly via the command line. In every case it reported that neither of the files exists, and neither do the folders.

b) log from ComboFix


ComboFix 12-05-07.01 - petr 07.05.2012 11:53:48.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1033.18.8075.6069 [GMT 2:00]
Spuštěný z: c:\users\petr\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\petr\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\windows\system32\Thumbs.db
c:\windows\SysWow64\muzapp.exe
Q:\Autorun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-07 do 2012-05-07 )))))))))))))))))))))))))))))))
.
.
2012-05-07 10:10 . 2012-05-07 10:10 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-07 10:10 . 2012-05-07 10:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-07 09:33 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{293B7CF3-8B0E-4AC1-959C-FB2AF85FB6F5}\mpengine.dll
2012-05-06 22:14 . 2012-05-06 22:14 -------- d-----w- C:\rsit
2012-05-06 22:14 . 2012-05-06 22:14 -------- d-----w- c:\program files\trend micro
2012-05-06 21:40 . 2012-05-06 21:40 -------- d-----w- c:\programdata\Trend Micro
2012-05-06 21:27 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-05-06 21:27 . 2012-05-06 21:27 -------- d-----w- c:\program files (x86)\WinPcap
2012-05-06 21:26 . 2012-05-06 21:26 -------- d-----w- c:\program files (x86)\Trend Micro
2012-05-05 22:05 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-25 18:36 . 2012-04-25 18:36 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-24 21:43 . 2011-10-05 03:54 99328 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-04-24 21:43 . 2011-10-05 03:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-04-24 21:43 . 2011-10-05 03:41 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-04-24 21:43 . 2011-10-05 03:54 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-04-24 21:43 . 2011-10-05 03:41 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-04-24 21:09 . 2012-04-24 21:09 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-18 21:10 . 1999-11-12 03:11 183808 ----a-w- c:\windows\SysWow64\BDEADMIN.CPL
2012-04-18 21:10 . 1999-01-20 03:01 210032 ----a-w- c:\windows\SysWow64\DBCLIENT.DLL
2012-04-18 21:10 . 2012-04-18 21:10 -------- d-----w- c:\program files\Common Files\Borland Shared
2012-04-18 21:09 . 2012-04-18 21:11 -------- d-----w- c:\program files (x86)\IN MEDIA KG - CSV-Editor
2012-04-18 21:06 . 2012-04-18 21:06 -------- d-----w- c:\users\petr\AppData\Local\Sam Francke
2012-04-18 12:54 . 2012-04-24 21:54 -------- d-----w- c:\users\petr\AppData\Local\Samsung
2012-04-18 12:54 . 2012-04-18 12:54 -------- d-----w- c:\users\petr\AppData\Roaming\Samsung
2012-04-18 12:51 . 2011-06-02 05:47 177640 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-04-18 12:51 . 2011-06-02 05:47 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-04-18 12:51 . 2011-06-02 05:47 157672 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-04-18 12:51 . 2011-06-02 05:47 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-04-18 12:51 . 2011-06-02 05:47 13800 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-04-18 12:51 . 2011-06-02 05:47 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-04-18 12:51 . 2011-06-02 05:47 13288 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-04-18 12:51 . 2010-12-21 05:55 36328 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2012-04-18 12:51 . 2010-12-21 05:55 1917416 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2012-04-18 12:51 . 2010-12-21 05:55 1917416 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2012-04-18 12:51 . 2011-06-02 05:47 146920 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2012-04-18 12:50 . 2010-12-21 05:55 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2012-04-18 12:50 . 2010-12-21 05:55 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2012-04-18 12:50 . 2010-12-21 05:55 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2012-04-18 12:50 . 2010-12-21 05:55 15944 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2012-04-18 12:50 . 2010-12-21 05:55 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2012-04-18 12:50 . 2010-12-21 05:55 15432 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2012-04-18 12:50 . 2010-12-21 05:55 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2012-04-18 12:49 . 2012-03-28 20:11 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-04-18 12:49 . 2012-04-18 12:49 -------- d-----w- c:\program files (x86)\MarkAny
2012-04-18 12:49 . 2012-03-28 20:11 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-04-18 12:48 . 2012-04-18 12:50 -------- d-----w- c:\program files (x86)\Samsung
2012-04-18 12:48 . 2012-04-18 12:50 -------- d-----w- c:\programdata\Samsung
2012-04-18 12:47 . 2012-04-18 12:47 -------- d-----w- c:\users\petr\AppData\Local\Downloaded Installations
2012-04-14 16:29 . 2012-04-14 16:29 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 15:02 . 2012-04-13 15:02 -------- d-----w- c:\program files\ESET
2012-04-11 08:30 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 08:30 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 08:30 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 08:28 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 08:28 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 08:28 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 08:28 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 08:28 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 08:28 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 08:28 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 07:26 . 2012-04-10 07:26 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-10 07:26 . 2012-04-10 07:26 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-07 14:26 . 2012-04-07 14:26 -------- d-----w- c:\program files (x86)\Evidence ZO 3.5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 21:35 . 2012-04-06 07:57 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 21:35 . 2011-11-30 20:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 06:55 . 2011-10-04 07:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-28 20:11 . 2012-03-28 20:11 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-03-28 20:11 . 2012-03-28 20:11 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-03-28 20:11 . 2012-03-28 20:11 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-03-28 20:11 . 2012-03-28 20:11 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-03-28 20:11 . 2012-03-28 20:11 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-03-28 20:11 . 2012-03-28 20:11 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-03-28 20:11 . 2012-03-28 20:11 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-03-28 20:11 . 2012-03-28 20:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-03-28 20:11 . 2012-03-28 20:11 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-03-28 20:11 . 2012-03-28 20:11 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-03-28 20:11 . 2012-03-28 20:11 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-03-28 20:11 . 2012-03-28 20:11 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-03-28 20:11 . 2012-03-28 20:11 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-03-28 20:11 . 2012-03-28 20:11 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-03-28 20:11 . 2012-03-28 20:11 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-03-28 20:11 . 2012-03-28 20:11 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-03-28 20:11 . 2012-03-28 20:11 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-03-28 20:11 . 2012-03-28 20:11 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-03-28 20:11 . 2012-03-28 20:11 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-03-28 20:11 . 2012-03-28 20:11 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-03-20 18:44 . 2011-04-27 13:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2011-04-18 11:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-17 06:38 . 2012-03-13 17:03 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 17:03 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 17:03 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 17:03 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 08:04 . 2012-02-10 08:04 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7534ABD-47A0-40C0-9288-3E44267B736C}\gapaengine.dll
2012-02-10 06:36 . 2012-03-14 15:14 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 15:14 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
"WebDriveTray"="c:\program files\WebDrive\webdrive.exe" [2011-09-09 2716248]
"Facebook Update"="c:\users\petr\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-13 137536]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-03-31 954256]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-31 21392]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-01-23 1631808]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"SafeQ Client"="c:\program files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2010-03-31 249856]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-08 296056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"UVS10 Preload"="c:\program files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-03-31 3521424]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
c:\users\petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\petr\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
Facebook Messenger.lnk - c:\users\petr\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
Gajim.lnk - c:\program files (x86)\Gajim\bin\gajim.exe [2011-7-22 1730560]
Samsung Auto Backup Guage.lnk - c:\program files (x86)\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-9-25 823296]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files (x86)\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-9-25 65536]
Samsung Auto Backup Scheduler.lnk - c:\program files (x86)\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-9-25 102400]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216]
PHOTOfunSTUDIO 5.1 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2012-2-26 172544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15 136176]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-11-18 144448]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 ATP;Comodo Unite Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-01-23 478056]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-23 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-23 175168]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-01-16 43584]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-01-16 62016]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-01 446800]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\users\petr\Forefront UAG Remote Access Agent\uos-portalsalfordacuk\uosportal1\uagqecsvc.exe [2011-10-20 149904]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 WebDriveFSD;WebDrive Filesystem Driver;c:\program files\WebDrive\wdfsd.sys [2011-09-09 186968]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 21:35]
.
2012-05-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1115610728-776513635-1968080765-1000Core.job
- c:\users\petr\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-06 16:43]
.
2012-05-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1115610728-776513635-1968080765-1000UA.job
- c:\users\petr\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-06 16:43]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15 20:51]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15 20:51]
.
2012-04-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2012-05-07 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WebDrive]
@="{37D70BD3-073C-4180-ADD9-C032EA5A7204}"
[HKEY_CLASSES_ROOT\CLSID\{37D70BD3-073C-4180-ADD9-C032EA5A7204}]
2011-09-09 20:04 2128384 ----a-w- c:\windows\System32\wdShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-09-27 386408]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-24 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-24 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-24 417560]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 169.229.50.4:3128
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\petr\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\petr\AppData\Roaming\Mozilla\Firefox\Profiles\dpqk81lb.default\
FF - prefs.js: network.proxy.type - 4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-svcdotnet - c:\windows\svcdotnet\svcdotnet.exe
Wow6432Node-HKLM-Run-hostsvr - c:\windows\hostsvr\hostsvr.exe
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-{1424E141-E3C1-4A9C-BB8D-FFBCCC33F9EA}_is1 - c:\program files (x86)\Windows Login Recovery Professional Demo\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1115610728-776513635-1968080765-1000_Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@Allowed: (Read) (RestrictedCode)
@=hex:f9,9f,32,b9,ba,ad,cc,01
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@=hex:95,12,e4,73,e2,a3,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:ac,18,f0,6a,e1,a3,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:65,72,10,6b,e1,a3,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:3f,4a,57,69,e1,a3,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@=hex:19,9b,22,6b,e1,a3,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\bgsvcgen.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\windows\SysWOW64\rundll32.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\program files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
.
**************************************************************************
.
Celkový čas: 2012-05-07 12:41:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-07 10:41
.
Před spuštěním: 95 266 349 056 bytes free
Po spuštění: 95 731 810 304 bytes free
.
- - End Of File - - 5E1978282504F6DDCEDBC34CBBF5D423


Thanks a lot for your time and your willingness to help!

P.

Mc_Murphy
VIP in memoriam
Posts: 6706
Registered: 03 Nov 2008 15:55
Location: Plzeň [ZČ]

Re: humbly asking for a log check - possible "eavesdropping" on the PC

#5 Post by Mc_Murphy »

:arrow: That's odd. You must have done something after the RSIT scan, because both programs are visible in the log. Never mind, I'll add a preventive deletion to CF, just to be safe.

:arrow: In any case, your security setup is still a mess, because you have two antivirus programs running - ESET NOD32 Antivirus 5.0 and Microsoft Security Essentials. One of them has to go, because two AVs or two FWs can cause slowdowns, conflicts and even unexpected system crashes. MSE is free, so if you don't have a licence for ESET NOD32 Antivirus 5.0, uninstall it. If you have a valid licence, remove MSE. Let me know how things stand and which one you will remove.


:arrow: If you haven't done so already, move ComboFix to the Desktop.
  • Open Notepad (Start >> Run... (or Win+R) >> type notepad in the box >> [Enter]).
  • Copy this script into it:


KillAll::

File::
C:\Windows\hostsvr\hostsvr.exe
c:\users\petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
c:\users\petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gajim.lnk
c:\users\petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.1 HD Edition.lnk
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1115610728-776513635-1968080765-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1115610728-776513635-1968080765-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
c:\windows\Tasks\SystemToolsDailyTest.job

Folder::
c:\users\petr\AppData\Local\Facebook
C:\Windows\svcdotnet

Driver::
gupdate
SkypeUpdate
AdobeFlashPlayerUpdateSvc
gupdatem
AdobeARMservice

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=-
"Adobe ARM"=-
"UVS10 Preload"=-
"SunJavaUpdateSched"=-
"Trend Micro RUBotted V2.0 Beta"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LENOVO.TPKNRRES"=-
"IgfxTray"=-
"Persistence"=-

DDS::
uInternet Settings,ProxyServer = 169.229.50.4:3128

RegNull::
[HKEY_USERS\S-1-5-21-1115610728-776513635-1968080765-1000_Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

AtJob::

Reboot::
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it (see image).
    [Image]
  • After the script has been applied (and the PC possibly restarted), a log will pop up. Paste its contents here for me.
:!: It may happen that Windows fails to start after the script is applied. In that case restart the PC, keep pressing F8 right at startup and choose Last Known Good Configuration.

petricius
Visitor
Posts: 9
Registered: 06 May 2012 22:50

Re: humbly asking for a log check - possible "eavesdropping" on the PC

#6 Post by petricius »

Mc_Murphy wrote: That's odd. You must have done something after the RSIT scan, because both programs are visible in the log. Never mind, I'll add a preventive deletion to CF, just to be safe.
Between RSIT and trying to find them I only wrote a few messages on Skype... Anyway, when I was looking for them I also had a look in the registry, and they were listed there. Now they no longer are :)
Mc_Murphy wrote: ESET NOD32 Antivirus 5.0 and Microsoft Security Essentials. One of them has to go... Let me know how things stand and which one you will remove.
I kept NOD, it's genuine. To be honest, I forgot to remove MSE before installing NOD. I'm a bit of a slob.

Mc_Murphy wrote: After the script has been applied (and the PC possibly restarted), a log will pop up. Paste its contents here for me.
ComboFix 12-05-07.01 - petr 07.05.2012 15:55:03.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1033.18.8075.5780 [GMT 2:00]
Spuštěný z: c:\users\petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\petr\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk"
"c:\users\petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gajim.lnk"
"c:\users\petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.1 HD Edition.lnk"
"c:\windows\hostsvr\hostsvr.exe"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1115610728-776513635-1968080765-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1115610728-776513635-1968080765-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job"
"c:\windows\Tasks\SystemToolsDailyTest.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\petr\AppData\Local\Facebook
c:\users\petr\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe
c:\users\petr\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll
c:\users\petr\AppData\Local\Facebook\Messenger\2.0.4478.0\ThirdPartyCopyrightNotices.txt
c:\users\petr\AppData\Local\Facebook\Messenger\fbmessenger.settings
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ar.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bg.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bn.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ca.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_cs.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_da.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_de.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_el.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es-419.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll
c:\users\petr\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll
c:\users\petr\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\users\petr\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
c:\users\petr\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
c:\users\petr\AppData\Local\Facebook\Video\Skype\third-party_attributions.txt
c:\users\petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
c:\users\petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gajim.lnk
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1115610728-776513635-1968080765-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1115610728-776513635-1968080765-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
c:\windows\Tasks\SystemToolsDailyTest.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeARMservice
-------\Service_AdobeFlashPlayerUpdateSvc
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-07 do 2012-05-07 )))))))))))))))))))))))))))))))
.
.
2012-05-07 15:58 . 2012-05-07 15:58 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-07 15:58 . 2012-05-07 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-07 15:54 . 2012-04-18 01:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{239F4A42-2764-46D1-BB60-1C8C35976CED}\mpengine.dll
2012-05-06 22:14 . 2012-05-06 22:14 -------- d-----w- C:\rsit
2012-05-06 22:14 . 2012-05-06 22:14 -------- d-----w- c:\program files\trend micro
2012-05-06 21:40 . 2012-05-06 21:40 -------- d-----w- c:\programdata\Trend Micro
2012-05-06 21:27 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-05-06 21:27 . 2012-05-06 21:27 -------- d-----w- c:\program files (x86)\WinPcap
2012-05-06 21:26 . 2012-05-06 21:26 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-24 21:43 . 2011-10-05 03:54 99328 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-04-24 21:43 . 2011-10-05 03:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-04-24 21:43 . 2011-10-05 03:41 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-04-24 21:43 . 2011-10-05 03:54 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-04-24 21:43 . 2011-10-05 03:41 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-04-24 21:09 . 2012-04-24 21:09 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-18 21:10 . 1999-11-12 03:11 183808 ----a-w- c:\windows\SysWow64\BDEADMIN.CPL
2012-04-18 21:10 . 1999-01-20 03:01 210032 ----a-w- c:\windows\SysWow64\DBCLIENT.DLL
2012-04-18 21:10 . 2012-04-18 21:10 -------- d-----w- c:\program files\Common Files\Borland Shared
2012-04-18 21:09 . 2012-04-18 21:11 -------- d-----w- c:\program files (x86)\IN MEDIA KG - CSV-Editor
2012-04-18 21:06 . 2012-04-18 21:06 -------- d-----w- c:\users\petr\AppData\Local\Sam Francke
2012-04-18 12:54 . 2012-04-24 21:54 -------- d-----w- c:\users\petr\AppData\Local\Samsung
2012-04-18 12:54 . 2012-04-18 12:54 -------- d-----w- c:\users\petr\AppData\Roaming\Samsung
2012-04-18 12:51 . 2011-06-02 05:47 177640 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-04-18 12:51 . 2011-06-02 05:47 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-04-18 12:51 . 2011-06-02 05:47 157672 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-04-18 12:51 . 2011-06-02 05:47 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-04-18 12:51 . 2011-06-02 05:47 13800 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-04-18 12:51 . 2011-06-02 05:47 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-04-18 12:51 . 2011-06-02 05:47 13288 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-04-18 12:51 . 2010-12-21 05:55 36328 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2012-04-18 12:51 . 2010-12-21 05:55 1917416 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2012-04-18 12:51 . 2010-12-21 05:55 1917416 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2012-04-18 12:51 . 2011-06-02 05:47 146920 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2012-04-18 12:50 . 2010-12-21 05:55 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2012-04-18 12:50 . 2010-12-21 05:55 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2012-04-18 12:50 . 2010-12-21 05:55 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2012-04-18 12:50 . 2010-12-21 05:55 15944 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2012-04-18 12:50 . 2010-12-21 05:55 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2012-04-18 12:50 . 2010-12-21 05:55 15432 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2012-04-18 12:50 . 2010-12-21 05:55 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2012-04-18 12:49 . 2012-03-28 20:11 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-04-18 12:49 . 2012-04-18 12:49 -------- d-----w- c:\program files (x86)\MarkAny
2012-04-18 12:49 . 2012-03-28 20:11 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-04-18 12:48 . 2012-04-18 12:50 -------- d-----w- c:\program files (x86)\Samsung
2012-04-18 12:48 . 2012-04-18 12:50 -------- d-----w- c:\programdata\Samsung
2012-04-18 12:47 . 2012-04-18 12:47 -------- d-----w- c:\users\petr\AppData\Local\Downloaded Installations
2012-04-14 16:29 . 2012-04-14 16:29 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 15:02 . 2012-04-13 15:02 -------- d-----w- c:\program files\ESET
2012-04-11 08:30 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 08:30 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 08:30 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 08:28 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 08:28 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 08:28 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 08:28 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 08:28 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 08:28 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 08:28 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 07:26 . 2012-04-10 07:26 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-10 07:26 . 2012-04-10 07:26 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 21:35 . 2012-04-06 07:57 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 21:35 . 2011-11-30 20:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 06:55 . 2011-10-04 07:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-28 20:11 . 2012-03-28 20:11 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-03-28 20:11 . 2012-03-28 20:11 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-03-28 20:11 . 2012-03-28 20:11 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-03-28 20:11 . 2012-03-28 20:11 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-03-28 20:11 . 2012-03-28 20:11 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-03-28 20:11 . 2012-03-28 20:11 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-03-28 20:11 . 2012-03-28 20:11 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-03-28 20:11 . 2012-03-28 20:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-03-28 20:11 . 2012-03-28 20:11 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-03-28 20:11 . 2012-03-28 20:11 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-03-28 20:11 . 2012-03-28 20:11 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-03-28 20:11 . 2012-03-28 20:11 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-03-28 20:11 . 2012-03-28 20:11 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-03-28 20:11 . 2012-03-28 20:11 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-03-28 20:11 . 2012-03-28 20:11 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-03-28 20:11 . 2012-03-28 20:11 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-03-28 20:11 . 2012-03-28 20:11 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-03-28 20:11 . 2012-03-28 20:11 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-03-28 20:11 . 2012-03-28 20:11 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-03-28 20:11 . 2012-03-28 20:11 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 17:03 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 17:03 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 17:03 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 17:03 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 15:14 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 15:14 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-07_10.17.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-05-07 16:05 39602 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-20 17:21 . 2012-05-07 16:05 8576 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1115610728-776513635-1968080765-1000_UserData.bin
+ 2012-05-07 16:02 . 2012-05-07 16:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-07 10:12 . 2012-05-07 10:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-07 16:02 . 2012-05-07 16:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-07 10:12 . 2012-05-07 10:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-20 23:29 . 2012-05-07 13:26 387150 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-05-07 13:35 616242 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-07 13:35 106622 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-05-07 16:01 334520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-07 10:11 334520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-06-13 20:52 . 2012-05-07 10:11 2947864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-13 20:52 . 2012-05-07 16:01 2947864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-09-21 13:48 . 2012-05-07 16:01 5810428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1115610728-776513635-1968080765-1000-8192.dat
- 2011-09-26 13:04 . 2012-05-07 10:11 2900940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1115610728-776513635-1968080765-1000-12288.dat
+ 2011-09-26 13:04 . 2012-05-07 16:01 2900940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1115610728-776513635-1968080765-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\petr\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
"WebDriveTray"="c:\program files\WebDrive\webdrive.exe" [2011-09-09 2716248]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-03-31 954256]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-31 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-01-23 1631808]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"SafeQ Client"="c:\program files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2010-03-31 249856]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-03-31 3521424]
.
c:\users\petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\petr\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
Samsung Auto Backup Guage.lnk - c:\program files (x86)\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-9-25 823296]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files (x86)\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-9-25 65536]
Samsung Auto Backup Scheduler.lnk - c:\program files (x86)\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-9-25 102400]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216]
PHOTOfunSTUDIO 5.1 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2012-2-26 172544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-11-18 144448]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 ATP;Comodo Unite Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-01-23 478056]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-23 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-23 175168]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-01-16 43584]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-01-16 62016]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-01 446800]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\users\petr\Forefront UAG Remote Access Agent\uos-portalsalfordacuk\uosportal1\uagqecsvc.exe [2011-10-20 149904]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 WebDriveFSD;WebDrive Filesystem Driver;c:\program files\WebDrive\wdfsd.sys [2011-09-09 186968]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\petr\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WebDrive]
@="{37D70BD3-073C-4180-ADD9-C032EA5A7204}"
[HKEY_CLASSES_ROOT\CLSID\{37D70BD3-073C-4180-ADD9-C032EA5A7204}]
2011-09-09 20:04 2128384 ----a-w- c:\windows\System32\wdShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-09-27 386408]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-24 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-24 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-24 417560]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
"combofix"="c:\combofix\CF8375.3XE" [2010-11-21 345088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\petr\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\petr\AppData\Roaming\Mozilla\Firefox\Profiles\dpqk81lb.default\
FF - prefs.js: network.proxy.type - 4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\bgsvcgen.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\SysWOW64\rundll32.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
.
**************************************************************************
.
Celkový čas: 2012-05-07 18:22:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-07 16:22
ComboFix2.txt 2012-05-07 10:42
.
Před spuštěním: 95 843 737 600 bytes free
Po spuštění: 95 228 354 560 bytes free
.
- - End Of File - - 68041B426F7DD5BBAA6292C61B502904

Mc_Murphy
VIP in memoriam
Posts: 6706
Registered: 03 Nov 2008 15:55
Location: Plzeň [ZČ]

Re: earnestly asking for a log check - possible "eavesdropping" on the PC

#7 Post by Mc_Murphy »

petricius wrote: Between RSIT and trying to find them I only wrote a few messages on Skype... anyway, when I was looking for them I also peeked into the registry and they were listed there. Now they are gone :)
Really strange. Files don't just leave the disk on their own. Especially not this type of file. We'll take a closer look at that yet.
petricius wrote: I kept NOD, it's genuine. To tell the truth, I forgot to remove MSE before installing NOD. I'm a bit of a slob.
OK, if it's legal, everything is fine and there's no reason to have another antivirus on there.
Anyway, I understand you, I'm pretty messy too. :arcisit:

:arrow: Excellent, good job with the uninstall. ComboFix also did what it was supposed to, so just to be safe we'll run one more scan to make sure nothing is hiding in there. ;)


:arrow: First uninstall ComboFix.
  • Rename ComboFix to Uninstall.
  • Run it.
  • This deletes ComboFix and its folders.
:arrow: Then download and install Malwarebytes' Anti-Malware (MBAM for short) following the guide in this topic.
  • Update the virus database.
  • On the Scanner tab choose Full scan and tick all the hard drives you have on the computer.
  • Don't delete anything beforehand!!
  • MBAM sometimes produces false detections, so paste its log into a post and wait for it to be assessed!

petricius
Visitor
Posts: 9
Registered: 06 May 2012 22:50

Re: earnestly asking for a log check - possible "eavesdropping" on the PC

#8 Post by petricius »

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.08.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
petr :: PETR-THINK [administrator]

Protection: Enabled

8.5.2012 15:30:48
mbam-log-2012-05-08 (15-30-48).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 457979
Time elapsed: 55 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Mc_Murphy
VIP in memoriam
Posts: 6706
Registered: 03 Nov 2008 15:55
Location: Plzeň [ZČ]

Re: earnestly asking for a log check - possible "eavesdropping" on the PC

#9 Post by Mc_Murphy »

:arrow: Excellent, the MBAM log is clean, as you can see for yourself, so now uninstall MBAM again.

:arrow: Once you've done that, let me know how the computer is behaving and attach a current RSIT scan.

petricius
Visitor
Posts: 9
Registered: 06 May 2012 22:50

Re: earnestly asking for a log check - possible "eavesdropping" on the PC

#10 Post by petricius »

Mc_Murphy wrote: :arrow: Excellent, the MBAM log is clean, as you can see for yourself, so now uninstall MBAM again.

:arrow: Once you've done that, let me know how the computer is behaving and attach a current RSIT scan.
I left MBAM on here for a while; it only caught this:

Code:

2012/05/09 08:57:54 +0200	PETR-THINK	petr	MESSAGE	Starting protection
2012/05/09 08:58:15 +0200	PETR-THINK	petr	MESSAGE	Protection started successfully
2012/05/09 08:58:18 +0200	PETR-THINK	petr	MESSAGE	Starting IP protection
2012/05/09 08:58:22 +0200	PETR-THINK	petr	MESSAGE	IP Protection started successfully
2012/05/09 13:53:17 +0200	PETR-THINK	petr	IP-BLOCK	60.191.186.52 (Type: incoming, Port: 28787, Process: svchost.exe)
2012/05/09 15:22:34 +0200	PETR-THINK	petr	IP-BLOCK	79.142.74.115 (Type: outgoing, Port: 6112, Process: skype.exe)
2012/05/09 15:37:02 +0200	PETR-THINK	petr	IP-BLOCK	121.10.115.62 (Type: incoming, Port: 31862, Process: svchost.exe)
2012/05/09 16:42:43 +0200	PETR-THINK	petr	IP-BLOCK	79.142.74.115 (Type: outgoing, Port: 53706, Process: skype.exe)
2012/05/09 16:42:43 +0200	PETR-THINK	petr	IP-BLOCK	79.142.74.115 (Type: outgoing, Port: 53707, Process: skype.exe)
2012/05/09 17:05:00 +0200	PETR-THINK	petr	IP-BLOCK	77.78.240.249 (Type: outgoing, Port: 6112, Process: skype.exe)
2012/05/09 17:17:36 +0200	PETR-THINK	petr	MESSAGE	Starting protection
2012/05/09 17:17:46 +0200	PETR-THINK	petr	MESSAGE	Protection started successfully
2012/05/09 17:17:49 +0200	PETR-THINK	petr	MESSAGE	Starting IP protection
2012/05/09 17:17:52 +0200	PETR-THINK	petr	MESSAGE	IP Protection started successfully
2012/05/09 20:54:12 +0200	PETR-THINK	petr	IP-BLOCK	77.78.232.239 (Type: outgoing, Port: 6112, Process: skype.exe)
Which I assume is OK. I've just done the uninstall. I'll restart and post the log.

petricius
Visitor
Posts: 9
Registered: 06 May 2012 22:50

Re: earnestly asking for a log check - possible "eavesdropping" on the PC

#11 Post by petricius »

Logfile of random's system information tool 1.09 (written by random/random)
Run by petr at 2012-05-09 22:20:28
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 102 GB (35%) free of 294 GB
Total RAM: 8075 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:20:34, on 9.5.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Users\petr\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\petr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [SafeQ Client] "C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe /trayicon
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - Startup: Dropbox.lnk = petr\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Samsung Auto Backup Guage.lnk = ?
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?
O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: PHOTOfunSTUDIO 5.1 HD Edition.lnk = C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\petr\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\SysWOW64\bgsvcgen.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Screen Reading Optimizer Service Program (SROSVC) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WebDrive Service (WebDriveService) - South River Technologies, LLC - C:\Program Files\WebDrive\wdService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13150 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 25547488
\??\C:\Windows\system32\conhost.exe "1423803183-17890690771367724463416777778-856849797-984959787-1367118510-342676992
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
"C:\Windows\SysWOW64\bgsvcgen.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe"
C:\Windows\system32\CxAudMsg64.exe
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe"
"C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe"
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe"
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe"
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Users\petr\Forefront UAG Remote Access Agent\uos-portalsalfordacuk\uosportal1\uagqecsvc.exe"
"C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"
"C:\Program Files\WebDrive\wdService.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2408
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
"taskhost.exe"
C:\Windows\system32\rundll32.exe "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook
taskeng.exe {A1F75F22-356D-4430-810A-188FA774AD80}
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.FullScreenMagnifier
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
"C:\Windows\system32\Dwm.exe"
taskeng.exe {785D0DB0-A030-45B9-B124-00A7C40929E5}
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\igfxext.exe -Embedding
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\TpShocks.exe"
"C:\Program Files\CONEXANT\ForteConfig\fmapp.exe"
"C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"C:\Program Files\WebDrive\WebDrive.exe" /trayicon
"C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe" -e "C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO 5.1 HD\PHOTOfunSTUDIO.exe"
"C:\Users\petr\AppData\Roaming\Dropbox\bin\Dropbox.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFGuage.exe"
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
"C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe"
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
"C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
"C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFRealTimeD.exe"
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFTimerD.exe"
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\\SRORest.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{77438F3D-744F-4692-A266-D6A2538C4AAC}
{7BF743F2-83F9-46B7-BFC0-4C8EEB307CA2}
{75DE7D3F-4585-48A2-99E5-839C323EDBF7}
"C:\Windows\SysWOW64\RunDll32.exe" "C:\Program Files\ThinkPad\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe" -Embedding
taskeng.exe {398FF583-A50B-4EEC-B0C9-C0EF265BAC1D}
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Lenovo\System Update\SUService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\petr\Downloads\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\petr\AppData\Roaming\Mozilla\Firefox\Profiles\dpqk81lb.default

prefs.js - "browser.search.useDBForOrder" - true

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198]
"Description"=15.0.0.198
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
npdjvu.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nppl3260.xpt
nprjplug.dll
nprpjplug.dll
nsjsrealplayerplugin.xpt
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Users\petr\AppData\Roaming\Mozilla\Firefox\Profiles\dpqk81lb.default\extensions\
cs@dictionaries.addons.mozilla.org
en-GB@dictionaries.addons.mozilla.org
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

C:\Users\petr\AppData\Roaming\Mozilla\Firefox\Profiles\dpqk81lb.default\searchplugins\
google-images.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-12-08 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-06 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-06 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-12-23 2868496]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2011-03-29 380776]
"ForteConfig"=C:\Program Files\Conexant\ForteConfig\fmapp.exe [2010-10-26 49056]
"ALCKRESI.EXE"=C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2011-09-27 386408]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-12-14 316032]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-01-24 392984]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 4035152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2011-06-16 1500160]
"WebDriveTray"=C:\Program Files\WebDrive\webdrive.exe [2011-09-09 2716248]
"KiesHelper"=C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2012-03-31 954256]
"KiesPDLR"=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2012-03-31 21392]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2011-01-17 112152]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"RotateImage"=C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [2008-10-30 55808]
"SafeQ Client"=C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe [2010-03-31 249856]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2012-03-31 3521424]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PHOTOfunSTUDIO 5.1 HD Edition.lnk - C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe

C:\Users\petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\petr\AppData\Roaming\Dropbox\bin\Dropbox.exe
Samsung Auto Backup Guage.lnk - C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFGuage.exe
Samsung Auto Backup Real-Time Daemon.lnk - C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
Samsung Auto Backup Scheduler.lnk - C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFTimerD.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-01-10 390656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-09-25 249344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.cpl - cplopen - %SystemRoot%\SysWow64\control.exe "%1",%*

======List of files/folders created in the last 3 months======

2012-05-09 16:42:15 ----SHD---- C:\Config.Msi
2012-05-09 15:51:13 ----D---- C:\Program Files (x86)\Caminova
2012-05-09 12:48:36 ----A---- C:\Windows\system32\DWrite.dll
2012-05-09 12:48:35 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-05-09 12:48:34 ----A---- C:\Windows\system32\win32k.sys
2012-05-09 12:48:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-09 12:48:33 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-05-09 12:48:32 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-05-09 12:48:07 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-05-09 12:47:52 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-05-08 15:29:06 ----D---- C:\Users\petr\AppData\Roaming\Malwarebytes
2012-05-08 15:28:52 ----D---- C:\ProgramData\Malwarebytes
2012-05-08 15:26:19 ----SD---- C:\32788R22FWJFW
2012-05-08 13:44:24 ----A---- C:\Windows\SYSWOW64\~.tmp
2012-05-08 13:42:46 ----A---- C:\Windows\SYSWOW64\ssprs.dll
2012-05-08 13:42:46 ----A---- C:\Windows\SYSWOW64\serauth2.dll
2012-05-08 13:42:46 ----A---- C:\Windows\SYSWOW64\serauth1.dll
2012-05-08 13:42:46 ----A---- C:\Windows\SYSWOW64\nsprs.dll
2012-05-08 13:42:46 ----A---- C:\Windows\SYSWOW64\clauth2.dll
2012-05-08 13:42:46 ----A---- C:\Windows\SYSWOW64\clauth1.dll
2012-05-08 13:42:11 ----D---- C:\Program Files (x86)\SPSS Viewer
2012-05-08 13:42:08 ----A---- C:\Windows\SYSWOW64\sysprs7.dll
2012-05-08 13:42:08 ----A---- C:\Windows\SYSWOW64\lsprst7.dll
2012-05-07 18:23:08 ----D---- C:\Windows\temp
2012-05-07 18:22:50 ----A---- C:\ComboFix.txt
2012-05-07 18:03:42 ----D---- C:\$RECYCLE.BIN
2012-05-07 11:51:25 ----D---- C:\Windows\ERDNT
2012-05-07 00:14:29 ----D---- C:\rsit
2012-05-07 00:14:29 ----D---- C:\Program Files\trend micro
2012-05-06 23:40:54 ----D---- C:\ProgramData\Trend Micro
2012-05-06 23:27:58 ----A---- C:\Windows\SYSWOW64\drivers\tmcomm.sys
2012-05-06 23:27:08 ----D---- C:\Program Files (x86)\WinPcap
2012-05-06 23:26:48 ----D---- C:\Program Files (x86)\Trend Micro
2012-04-24 23:43:56 ----A---- C:\Windows\system32\drivers\usbport.sys
2012-04-24 23:43:56 ----A---- C:\Windows\system32\drivers\usbd.sys
2012-04-24 23:43:56 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2012-04-24 23:43:55 ----A---- C:\Windows\system32\drivers\usbhub.sys
2012-04-24 23:43:55 ----A---- C:\Windows\system32\drivers\usbehci.sys
2012-04-19 00:19:35 ----D---- C:\Users\petr\AppData\Roaming\Temp
2012-04-18 23:10:56 ----A---- C:\Windows\SYSWOW64\DBCLIENT.DLL
2012-04-18 23:10:54 ----D---- C:\Program Files\Common Files\Borland Shared
2012-04-18 23:09:53 ----D---- C:\Program Files (x86)\IN MEDIA KG - CSV-Editor
2012-04-18 14:54:03 ----D---- C:\Users\petr\AppData\Roaming\Samsung
2012-04-18 14:51:19 ----A---- C:\Windows\system32\WdfCoInstaller01005.dll
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\WdfCoInstaller01005.dll
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\ssadwhnt.sys
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\ssadwh.sys
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\ssadmdm.sys
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\ssadmdfl.sys
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\ssadcmnt.sys
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\ssadcm.sys
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\ssadbus.sys
2012-04-18 14:51:19 ----A---- C:\Windows\system32\drivers\ssadadb.sys
2012-04-18 14:51:18 ----A---- C:\Windows\system32\drivers\ssadserd.sys
2012-04-18 14:50:51 ----A---- C:\Windows\system32\drivers\sscdwhnt.sys
2012-04-18 14:50:51 ----A---- C:\Windows\system32\drivers\sscdwh.sys
2012-04-18 14:50:51 ----A---- C:\Windows\system32\drivers\sscdmdm.sys
2012-04-18 14:50:51 ----A---- C:\Windows\system32\drivers\sscdmdfl.sys
2012-04-18 14:50:51 ----A---- C:\Windows\system32\drivers\sscdcmnt.sys
2012-04-18 14:50:51 ----A---- C:\Windows\system32\drivers\sscdcm.sys
2012-04-18 14:50:51 ----A---- C:\Windows\system32\drivers\sscdbus.sys
2012-04-18 14:49:52 ----A---- C:\Windows\SYSWOW64\Redemption.dll
2012-04-18 14:49:41 ----D---- C:\Program Files (x86)\MarkAny
2012-04-18 14:49:41 ----A---- C:\Windows\SYSWOW64\dgderapi.dll
2012-04-18 14:48:56 ----D---- C:\ProgramData\Samsung
2012-04-18 14:48:56 ----D---- C:\Program Files (x86)\Samsung
2012-04-14 18:29:05 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2012-04-13 17:02:46 ----D---- C:\ProgramData\ESET
2012-04-13 17:02:46 ----D---- C:\Program Files\ESET
2012-04-11 10:31:08 ----A---- C:\Windows\SYSWOW64\url.dll
2012-04-11 10:31:08 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-04-11 10:31:08 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-04-11 10:31:08 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-11 10:31:08 ----A---- C:\Windows\system32\jscript9.dll
2012-04-11 10:31:08 ----A---- C:\Windows\system32\iertutil.dll
2012-04-11 10:31:07 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-04-11 10:31:07 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-04-11 10:31:07 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-04-11 10:31:07 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-04-11 10:31:07 ----A---- C:\Windows\system32\urlmon.dll
2012-04-11 10:31:07 ----A---- C:\Windows\system32\url.dll
2012-04-11 10:31:07 ----A---- C:\Windows\system32\jscript.dll
2012-04-11 10:31:07 ----A---- C:\Windows\system32\ieui.dll
2012-04-11 10:31:06 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-04-11 10:31:06 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-04-11 10:31:06 ----A---- C:\Windows\system32\wininet.dll
2012-04-11 10:31:06 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-11 10:31:05 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-04-11 10:31:05 ----A---- C:\Windows\system32\mshtml.dll
2012-04-11 10:31:04 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-04-11 10:31:04 ----A---- C:\Windows\system32\ieframe.dll
2012-04-11 10:28:04 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2012-04-11 10:28:04 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-11 10:28:04 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-11 10:28:03 ----A---- C:\Windows\SYSWOW64\wmi.dll
2012-04-11 10:28:03 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-04-11 10:28:03 ----A---- C:\Windows\system32\wmi.dll
2012-04-11 10:28:03 ----A---- C:\Windows\system32\wintrust.dll
2012-04-07 16:26:05 ----D---- C:\Program Files (x86)\Evidence ZO 3.5
2012-04-06 09:57:38 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-04-06 09:22:16 ----A---- C:\Windows\system32\igfxtray.exe
2012-04-06 09:22:16 ----A---- C:\Windows\system32\igfxTMM.dll
2012-04-06 09:22:16 ----A---- C:\Windows\system32\igfxsrvc.exe
2012-04-06 09:22:16 ----A---- C:\Windows\system32\igfxCoIn_v2622.dll
2012-04-06 09:22:15 ----A---- C:\Windows\SYSWOW64\igfxexps32.dll
2012-04-06 09:22:15 ----A---- C:\Windows\SYSWOW64\igfxdv32.dll
2012-04-06 09:22:15 ----A---- C:\Windows\system32\igfxress.dll
2012-04-06 09:22:15 ----A---- C:\Windows\system32\igfxpers.exe
2012-04-06 09:22:15 ----A---- C:\Windows\system32\igfxext.exe
2012-04-06 09:22:15 ----A---- C:\Windows\system32\igfxdo.dll
2012-04-06 09:22:15 ----A---- C:\Windows\system32\IGFXDEVLib.dll
2012-04-06 09:22:15 ----A---- C:\Windows\system32\igfxdev.dll
2012-04-06 09:22:13 ----A---- C:\Windows\SYSWOW64\igdde32.dll
2012-04-06 09:22:13 ----A---- C:\Windows\system32\igdde64.dll
2012-04-06 09:22:13 ----A---- C:\Windows\system32\drivers\igdkmd64.sys
2012-04-06 09:22:12 ----A---- C:\Windows\system32\ig4icd64.dll
2012-04-06 09:22:11 ----A---- C:\Windows\SYSWOW64\ig4icd32.dll
2012-04-06 09:22:11 ----A---- C:\Windows\system32\hkcmd.exe
2012-04-06 09:22:11 ----A---- C:\Windows\system32\GfxUI.exe
2012-04-06 09:22:11 ----A---- C:\Windows\system32\gfxSrvc.dll
2012-04-06 09:22:11 ----A---- C:\Windows\system32\difx64.exe
2012-04-06 09:19:41 ----A---- C:\Windows\system32\NicInstC.dll
2012-04-06 09:19:40 ----A---- C:\Windows\system32\e1cmsg.dll
2012-04-06 09:19:40 ----A---- C:\Windows\system32\drivers\e1c62x64.sys
2012-04-06 09:19:05 ----A---- C:\Windows\SYSWOW64\SynTPEnhPS.dll
2012-04-06 09:19:05 ----A---- C:\Windows\SYSWOW64\SynTPCOM.dll
2012-04-06 09:19:05 ----A---- C:\Windows\SYSWOW64\SynCtrl.dll
2012-04-06 09:19:05 ----A---- C:\Windows\system32\SynTPCo9.dll
2012-04-06 09:19:05 ----A---- C:\Windows\system32\SynTPAPI.dll
2012-04-06 09:19:05 ----A---- C:\Windows\system32\SynCtrl.dll
2012-04-06 09:19:05 ----A---- C:\Windows\system32\drivers\SynTP.sys
2012-04-06 09:19:04 ----A---- C:\Windows\SYSWOW64\SynCOM.dll
2012-04-06 09:18:23 ----D---- C:\ProgramData\Intel
2012-04-06 09:17:40 ----D---- C:\Program Files (x86)\Cisco
2012-04-06 09:06:50 ----A---- C:\Windows\system32\drivers\psadd.sys
2012-04-06 08:56:03 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-04-06 08:56:03 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-04-06 08:56:03 ----A---- C:\Windows\SYSWOW64\java.exe
2012-04-06 08:55:53 ----D---- C:\Program Files (x86)\Java
2012-03-28 22:11:08 ----A---- C:\Windows\MusiccityDownload.exe
2012-03-28 22:11:08 ----A---- C:\Windows\MASetupCaller.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\muzwmts.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\muzapp.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\muzaf1.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MTXSYNCICON.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MTTELECHIP.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MSLUR71.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MSFLib.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MSCLib.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MK_Lyric.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MaXMLProto.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MASetupCleaner.exe
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MAMACExtract.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MaJGUILib.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MaDRM.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\MACXMLProto.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\issacapi_se-2.3.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\issacapi_pe-2.3.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\issacapi_bs-2.3.dll
2012-03-28 22:11:06 ----A---- C:\Windows\SYSWOW64\cis-2.4.dll
2012-03-22 01:02:46 ----D---- C:\ProgramData\ReaConverter
2012-03-22 01:02:28 ----D---- C:\Users\petr\AppData\Roaming\RCP 6
2012-03-22 01:01:44 ----D---- C:\Program Files (x86)\ReaConverter 6.7 Standard
2012-03-16 12:01:12 ----D---- C:\ProgramData\Freemake
2012-03-16 12:00:45 ----D---- C:\Program Files (x86)\Freemake
2012-03-13 19:03:49 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-03-13 19:03:48 ----A---- C:\Windows\system32\rdpwsx.dll
2012-03-13 19:03:48 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-03-13 19:03:39 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2012-03-13 19:03:39 ----A---- C:\Windows\system32\rdpcore.dll
2012-03-13 19:03:39 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-03-13 19:03:38 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-03-09 14:47:47 ----HD---- C:\ProgramData\CanonBJ
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\PICSDK2.dll
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\PICSDK.ini
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\PICSDK.dll
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\PICEntry.dll
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EpPicPrt.dll
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPrinterDB.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_PT.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_IT.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_GE.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_FR.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_ES.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_EN.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_DU.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_CF.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_BP.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPattern6.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPattern5.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPattern4.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPattern3.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPattern2.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPattern131.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPattern121.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPICPattern1.dat
2012-02-26 02:22:32 ----A---- C:\Windows\SYSWOW64\EPPicMgr.dll
2012-02-26 02:18:24 ----D---- C:\ProgramData\Panasonic
2012-02-26 01:57:44 ----A---- C:\Windows\system32\drivers\cdrbsdrv.sys
2012-02-26 01:57:37 ----A---- C:\Windows\SYSWOW64\GenSvcInst.exe
2012-02-26 01:57:37 ----A---- C:\Windows\SYSWOW64\bgsvcgen.exe
2012-02-26 01:54:23 ----D---- C:\Program Files (x86)\Panasonic
2012-02-26 01:54:09 ----D---- C:\Program Files\Microsoft Synchronization Services
2012-02-26 01:54:09 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2012-02-26 01:54:03 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2012-02-20 18:54:32 ----D---- C:\Program Files (x86)\ABC Amber Nokia Converter
2012-02-19 23:06:02 ----D---- C:\Program Files (x86)\ESET
2012-02-18 08:41:48 ----A---- C:\Windows\system32\shell32.dll
2012-02-18 08:41:47 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-02-18 08:41:46 ----A---- C:\Windows\SYSWOW64\ntshrui.dll
2012-02-18 08:41:46 ----A---- C:\Windows\system32\ntshrui.dll
2012-02-18 08:41:43 ----A---- C:\Windows\system32\drivers\afd.sys
2012-02-18 08:41:39 ----A---- C:\Windows\SYSWOW64\msvcrt.dll
2012-02-18 08:41:39 ----A---- C:\Windows\system32\msvcrt.dll

======List of files/folders modified in the last 3 months======

2012-05-09 22:19:22 ----A---- C:\Windows\SYSWOW64\log.txt
2012-05-09 22:18:55 ----D---- C:\Users\petr\AppData\Roaming\Dropbox
2012-05-09 22:17:07 ----RD---- C:\Program Files (x86)
2012-05-09 22:16:09 ----D---- C:\Users\petr\AppData\Roaming\Skype
2012-05-09 22:13:28 ----D---- C:\Windows\tracing
2012-05-09 21:40:40 ----D---- C:\Windows\system32\drivers
2012-05-09 17:55:51 ----D---- C:\Windows\system32\config
2012-05-09 17:32:51 ----RSD---- C:\Windows\assembly
2012-05-09 17:32:51 ----D---- C:\Windows\Microsoft.NET
2012-05-09 17:22:05 ----D---- C:\Windows\System32
2012-05-09 17:22:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-09 17:22:04 ----D---- C:\Windows\inf
2012-05-09 17:21:01 ----D---- C:\Windows\system32\Tasks
2012-05-09 17:15:29 ----D---- C:\Windows\winsxs
2012-05-09 17:14:13 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-05-09 17:13:18 ----D---- C:\Windows\SysWOW64
2012-05-09 16:59:30 ----A---- C:\Windows\system32\MRT.exe
2012-05-09 16:59:26 ----SHD---- C:\Windows\Installer
2012-05-09 16:59:19 ----D---- C:\ProgramData\Microsoft Help
2012-05-09 16:51:36 ----D---- C:\Windows\system32\catroot
2012-05-09 16:38:12 ----D---- C:\Program Files\Windows Journal
2012-05-09 16:37:58 ----SHD---- C:\System Volume Information
2012-05-09 12:47:27 ----D---- C:\Windows\system32\catroot2
2012-05-08 15:28:52 ----D---- C:\ProgramData
2012-05-08 15:28:46 ----D---- C:\Windows\Prefetch
2012-05-08 15:26:49 ----D---- C:\Windows
2012-05-08 13:42:29 ----RSD---- C:\Windows\Fonts
2012-05-07 18:03:59 ----A---- C:\Windows\system.ini
2012-05-07 18:03:35 ----D---- C:\Windows\system32\drivers\etc
2012-05-07 17:43:18 ----D---- C:\Windows\Tasks
2012-05-07 17:07:53 ----D---- C:\Windows\SYSWOW64\drivers
2012-05-07 17:07:52 ----D---- C:\Windows\AppPatch
2012-05-07 17:07:50 ----D---- C:\Program Files\Common Files
2012-05-07 17:07:50 ----D---- C:\Program Files (x86)\Common Files
2012-05-07 15:48:43 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-05-07 15:35:59 ----RD---- C:\Program Files
2012-05-07 15:26:49 ----D---- C:\Users\petr\AppData\Roaming\Gajim
2012-05-01 20:07:33 ----D---- C:\Users\petr\AppData\Roaming\uTorrent
2012-05-01 18:45:28 ----D---- C:\Users\petr\AppData\Roaming\gtk-2.0
2012-04-30 19:43:41 ----D---- C:\Users\petr\AppData\Roaming\dvdcss
2012-04-30 12:36:46 ----D---- C:\ProgramData\PCDr
2012-04-25 20:36:36 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-04-25 20:35:45 ----D---- C:\Windows\system32\DriverStore
2012-04-24 23:09:39 ----RD---- C:\Program Files (x86)\Skype
2012-04-24 23:09:35 ----D---- C:\ProgramData\Skype
2012-04-20 19:08:17 ----D---- C:\temp
2012-04-18 14:49:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-04-14 09:46:18 ----A---- C:\Windows\system32\ricdb.ini
2012-04-11 10:35:34 ----D---- C:\Windows\SYSWOW64\migration
2012-04-11 10:35:34 ----D---- C:\Windows\system32\migration
2012-04-11 10:35:34 ----D---- C:\Program Files\Internet Explorer
2012-04-11 10:35:34 ----D---- C:\Program Files (x86)\Internet Explorer
2012-04-09 17:55:53 ----D---- C:\Windows\system32\NDF
2012-04-06 09:21:38 ----RSD---- C:\Windows\Media
2012-04-06 09:20:22 ----D---- C:\Windows\Downloaded Installations
2012-04-06 09:17:40 ----D---- C:\Program Files\Intel
2012-04-06 09:07:00 ----D---- C:\Program Files (x86)\Lenovo
2012-04-06 08:55:54 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-03-16 11:49:46 ----D---- C:\Users\petr\AppData\Roaming\Real
2012-03-01 16:42:02 ----D---- C:\Users\petr\AppData\Roaming\PC Suite
2012-03-01 16:35:03 ----D---- C:\Users\petr\AppData\Roaming\Nokia
2012-02-27 14:00:06 ----DC---- C:\Windows\system32\DRVSTORE
2012-02-27 13:59:59 ----D---- C:\Users\petr\AppData\Roaming\COMODO
2012-02-26 02:22:33 ----D---- C:\ProgramData\InstallShield
2012-02-26 01:54:02 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-02-23 10:18:36 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DzHDD64;DzHDD64; C:\Windows\System32\DRIVERS\DzHDD64.sys [2012-01-23 31344]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-03-29 139888]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-03-29 23664]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2012-01-23 14960]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 47632]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888]
R2 WebDriveFSD;WebDrive Filesystem Driver; \??\C:\Program Files\WebDrive\wdfsd.sys [2011-09-09 186968]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-04 166016]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2011-10-17 437288]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-10-17 146984]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2011-10-17 164392]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-10-17 39976]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2011-10-17 21544]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2011-10-03 1577088]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2012-01-11 360624]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2011-08-11 39024]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-10 12311904]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-10-31 8615936]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2011-12-27 40248]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-12-23 412432]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol; C:\Windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2010-12-21 36328]
S3 ATP;Comodo Unite Miniport Driver; C:\Windows\system32\DRIVERS\cmdatp.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-05-18 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-05-18 27136]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [2011-08-17 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pmxdrv;pmxdrv; \??\C:\Windows\system32\drivers\pmxdrv.sys [2011-06-13 31152]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2010-12-21 136264]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2010-12-21 19016]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2010-12-21 172104]
S3 StkCMini;Syntek AVStream USB2.0 ATV; C:\Windows\System32\Drivers\StkCMini.sys [2010-04-16 1816968]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-05-18 9216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-05-18 9216]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\SysWOW64\bgsvcgen.exe [2007-06-15 145504]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2011-10-17 970016]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-17 198784]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-11-01 1518352]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2011-08-11 45928]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2012-01-16 43584]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-01-16 62016]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-01-17 326168]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-11-01 844560]
R2 RUBotSrv;Trend Micro RUBotted Service; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 SROSVC;Screen Reading Optimizer Service Program; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-01 446800]
R2 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2012-03-16 34104]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client; C:\Users\petr\Forefront UAG Remote Access Agent\uos-portalsalfordacuk\uosportal1\uagqecsvc.exe [2011-10-20 149904]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-09-28 49152]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
R2 WebDriveService;WebDrive Service; C:\Program Files\WebDrive\wdService.exe [2011-09-09 2530392]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-11-18 144448]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 DozeSvc;Lenovo Doze Mode Service; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-01-23 478056]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-23 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-23 175168]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-03-29 47728]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-25 1255736]

-----------------EOF-----------------

Mc_Murphy
VIP in memoriam
Posts: 6706
Registered: 03 Nov 2008 15:55
Location: Plzeň [ZČ]

Re: Kindly requesting a log check - possible "eavesdropping" on PC

#12 Post by Mc_Murphy »

Yes, that is fine.

Fix the items listed below in HJT.
  • "Fixing" means that you run HJT, choose the [Do a system scan only] option and tick the box to the left of the items I have listed.
  • Then click [Fix checked] and confirm with [Yes].
  • Simply skip any items you do not find in the list.
  • You will find HJT here: C:\Program Files\trend micro\petr.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =



Next, download the OTM utility from one of these links: Save it to the Desktop and double-click to run it.

Copy this script into the left pane, Paste Instructions for Items to be Moved (only the green letters in the white box!):


:Commands
[ClearAllRestorePoints]
[ResetHosts]
[Purity]
[EmptyTemp]
[EmptyFlash]

:Services
catchme

:Files
C:\$RECYCLE.BIN
C:\Windows\hostsvr
C:\Windows\svcdotnet
C:\Users\petr\AppData\Roaming\Malwarebytes
C:\ProgramData\Malwarebytes
C:\Windows\SYSWOW64\~.tmp
C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Now click the [MoveIt!] button, which starts everything.
After the restart, post the log here; you will find it in C:\_OTM\MovedFiles\

  • ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
    • You gave me love, I've found my identity, found my identity.

    I'm moving on, I'm moving on, I'm moving on by the Spirit.
    • You gave me hope, I've found my identity in Christ...

#13 Post by petricius »

All processes killed
========== COMMANDS ==========

Restore point Set: OTM Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 113795 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61910631 bytes
->Flash cache emptied: 57255 bytes

User: petr
->Temp folder emptied: 48989123 bytes
->Temporary Internet Files folder emptied: 252169647 bytes
->Java cache emptied: 366432 bytes
->FireFox cache emptied: 508571637 bytes
->Flash cache emptied: 15363341 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1874383 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52001959 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 32764 bytes

Total Files Cleaned = 898.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: petr
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

========== SERVICES/DRIVERS ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
========== FILES ==========
C:\$RECYCLE.BIN\S-1-5-21-1115610728-776513635-1968080765-1000 folder moved successfully.
C:\$RECYCLE.BIN folder moved successfully.
File/Folder C:\Windows\hostsvr not found.
File/Folder C:\Windows\svcdotnet not found.
C:\Users\petr\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
C:\Users\petr\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\Users\petr\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\Users\petr\AppData\Roaming\Malwarebytes folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration folder moved successfully.
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\ProgramData\Malwarebytes folder moved successfully.
File/Folder C:\Windows\SYSWOW64\~.tmp not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB50D.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE58A.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP1627.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP37C9.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP497A.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP664C.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6CB3.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6E37.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPAC86.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPB412.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPB65C.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\Windows\SoftwareDistribution\Download\16675d95cb592dcea95c7d68ae45fe45\BIT162A.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\22398ef64cbe3dd85660c324425891cc\BIT194F.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\2a55dd73fc65c85fb8c29bb88aac7b3d\BIT1746.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\37012b63e6d16dc12d7904ebd89e350e\BIT1AF9.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\3bd5308cd0b5bd67a865ccadde38707e\BIT1A9A.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\3de14b7f5ac30bd3da1474a11f9e31d1\BIT99CE.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\4276ca8b3373bc3798d1bf5dc97c9814\BIT1795.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\47faf4b20e0efa49315dbfee4d57236c\BIT18B1.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\49585d28533e61875f6302582ff6e76d\BIT14AF.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\4da2e72b06ced9535127313d55ca8e1e\BIT12F4.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\5bde14eadd32f7907f59bd589590619f\BIT19ED.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\5dfba726d968ccaa1cdc392f9071c392\BIT17E4.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\5e4a463701d54c4527859ea6f3fbc498\BIT1842.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\6993638be416c67f97c446c063127117\BIT15FA.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\706c5a611fcdb874ae86b12bb9c70c4c\BIT1226.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\7333e1d03635eb070f063fd5a9937c1a\BIT150D.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\827a16e4fba28eeef74d212dee4c0279\BIT153D.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\894a72d3fb16a7e332921c95445e0605\BIT1333.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\a78917d05748669fcf5a38a8f38776a2\BIT1460.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\b46fa1a52c1ab65df326a3087eadb7c4\BIT12A5.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\ce301d56a3e55c15482b690b25c44562\BIT3D61.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\d4e1eb2d43387f17283440dd6e32b800\BIT13C2.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\d64350e7d28d0539583456ce2df51fd2\BIT1900.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\eb133aa4681b6f29db75915451a6c4b5\BIT1265.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\ec86c1527f6cc1ef63504167bbb8b689\BIT16E7.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\ef38695ae943033caaabc0c2d5bd5882\BIT199E.tmp moved successfully.
C:\Windows\SoftwareDistribution\Download\f1eb035a88c96e55f04cb025e02ae297\BIT1A4B.tmp moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.

OTM by OldTimer - Version 3.1.19.0 log created on 05122012_025003

Files moved on Reboot...
C:\Users\petr\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\petr\AppData\Local\Temp\SafeQClientUI.log moved successfully.

Registry entries deleted on Reboot...

#14 Post by Mc_Murphy »

Excellent, OTM did what it was supposed to do.

How is the computer behaving?

#15 Post by petricius »

Absolutely fine. The main changes I notice (the system was running fairly smoothly even before this clean-up) are faster booting, and most probably you helped me get rid of some background process, because earlier I used to notice that sometimes, when I was not sitting at the computer and it was running, the HDD activity icon flickered more intensely, which has not happened so far. In any case, thank you very much for your time!
