Log check + problems

eXtenZ
Visitor
Posts: 58
Registered: 19 May 2012 00:13

Log check + problems

#1 Post by eXtenZ »

Hello, my girlfriend's notebook has some problems: a slowed-down system and slow browsing on the net.
RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Olinka at 2012-05-19 17:37:28
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 151 GB (32%) free of 477 GB
Total RAM: 4026 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:37:40, on 19. 5. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\ICQ7M\ICQ.exe
C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Olinka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arccosine.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - (no file)
R3 - URLSearchHook: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Live! Central 3] "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 7941 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {032F1E35-0219-401B-A3F3-18E05CB33CB9}
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"C:\Windows\PLFSetI.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/11/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="2544.1.84634833\261919440" /prefetch:3
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2544.3.1838404450\502296541" /prefetch:12
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/11/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="2544.6.1063021723\1426424108" /prefetch:3
C:\Windows\system32\rundll32.exe "C:\PROGRA~2\Google\Chrome\APPLIC~1\190108~1.46\gcswf32.dll",BrokerMain browser=chrome
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll" --lang=sk --channel="2544.7.126382886\2022832788" --flash-broker=644 /prefetch:4
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Olinka\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Olinka\AppData\Roaming\Mozilla\Firefox\Profiles\viz6jtfq.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, toolbar@ask.com:3.12.2.16749, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
arccosine.xml
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Olinka\AppData\Roaming\Mozilla\Firefox\Profiles\viz6jtfq.default\searchplugins\
askcom.xml
bing-zugo.xml
conduit.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-28 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-07-28 7982112]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2009-06-23 821792]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-06-18 1808168]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-02 159232]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-02 380928]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-02 358912]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2916584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=C:\Program Files (x86)\ICQ7M\ICQ.exe [2012-05-02 127040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Live! Central 3"=C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [2010-12-07 503969]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-02 259584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2036-02-07 03:58:15 ----RA---- C:\Windows\SYSWOW64\3_VETERANI.scr
2012-05-19 17:37:28 ----D---- C:\rsit
2012-05-19 17:37:28 ----D---- C:\Program Files\trend micro
2012-05-09 19:03:16 ----D---- C:\Program Files\Microsoft Silverlight
2012-05-09 19:03:16 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-05-08 21:42:57 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-05-08 21:42:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-08 21:42:17 ----A---- C:\Windows\system32\win32k.sys
2012-05-08 21:42:14 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-05-08 21:42:13 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-05-08 21:42:12 ----A---- C:\Windows\system32\DWrite.dll
2012-05-08 21:42:11 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-05-08 21:42:06 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-05-08 09:51:11 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-05-02 20:16:28 ----D---- C:\Users\Olinka\AppData\Roaming\ICQ
2012-05-02 20:16:17 ----D---- C:\Program Files (x86)\ICQ7M
2012-04-28 23:31:38 ----D---- C:\Program Files (x86)\Microsoft Works
2012-04-28 23:31:06 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2012-04-28 23:30:34 ----D---- C:\Windows\PCHEALTH
2012-04-28 23:28:19 ----D---- C:\Program Files\Microsoft Office
2012-04-28 23:28:13 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-28 23:27:12 ----D---- C:\Program Files (x86)\Microsoft Office
2012-04-28 23:26:57 ----RHD---- C:\MSOCache
2012-04-28 23:14:43 ----D---- C:\Users\Olinka\AppData\Roaming\TuneUp Software
2012-04-28 23:14:03 ----D---- C:\ProgramData\TuneUp Software
2012-04-28 23:10:46 ----SHD---- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-28 23:10:46 ----HD---- C:\ProgramData\Common Files
2012-04-28 21:36:56 ----D---- C:\ProgramData\boost_interprocess

======List of files/folders modified in the last 1 month======

2012-05-19 17:37:41 ----D---- C:\Windows\Prefetch
2012-05-19 17:37:36 ----D---- C:\Windows\Temp
2012-05-19 17:37:28 ----RD---- C:\Program Files
2012-05-19 17:01:09 ----D---- C:\Windows\system32\config
2012-05-19 16:19:27 ----D---- C:\Users\Olinka\AppData\Roaming\Skype
2012-05-18 20:39:04 ----D---- C:\Program Files (x86)\EMDB
2012-05-17 19:17:07 ----SHD---- C:\System Volume Information
2012-05-17 08:13:30 ----D---- C:\Windows\system32\catroot2
2012-05-16 15:43:14 ----D---- C:\Windows\System32
2012-05-16 15:43:14 ----D---- C:\Windows\inf
2012-05-16 15:43:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-10 10:11:16 ----SHD---- C:\Windows\Installer
2012-05-10 10:11:16 ----SHD---- C:\Config.Msi
2012-05-10 10:10:56 ----RD---- C:\Program Files (x86)
2012-05-10 10:10:37 ----D---- C:\Windows\SysWOW64
2012-05-10 10:10:37 ----D---- C:\Windows\system32\Tasks
2012-05-09 22:26:06 ----D---- C:\Windows
2012-05-09 12:52:06 ----D---- C:\Windows\Microsoft.NET
2012-05-09 12:52:05 ----RSD---- C:\Windows\assembly
2012-05-09 00:00:29 ----D---- C:\Windows\winsxs
2012-05-08 23:58:18 ----D---- C:\Windows\system32\drivers
2012-05-08 21:58:36 ----D---- C:\Windows\debug
2012-05-08 21:58:34 ----A---- C:\Windows\system32\MRT.exe
2012-05-08 21:58:30 ----D---- C:\ProgramData\Microsoft Help
2012-05-08 21:52:25 ----D---- C:\Windows\system32\catroot
2012-05-08 21:43:53 ----D---- C:\Program Files\Windows Journal
2012-05-08 15:03:36 ----SD---- C:\Users\Olinka\AppData\Roaming\Microsoft
2012-05-05 21:08:08 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-05-05 21:08:04 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2012-05-04 22:14:45 ----D---- C:\Program Files\Adobe
2012-05-02 20:18:18 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-04-30 14:23:01 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-04-29 00:01:53 ----A---- C:\Windows\win.ini
2012-04-28 23:44:26 ----HD---- C:\ProgramData
2012-04-28 23:43:04 ----D---- C:\ProgramData\Skype
2012-04-28 23:31:24 ----D---- C:\Program Files (x86)\MSBuild
2012-04-28 23:31:04 ----D---- C:\Windows\ShellNew
2012-04-28 23:30:41 ----RSD---- C:\Windows\Fonts
2012-04-28 23:30:34 ----SD---- C:\ProgramData\Microsoft
2012-04-28 23:30:33 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-04-28 23:29:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-04-25 10:26:15 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 408600]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-28 834544]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-07-29 171152]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2010-08-31 176000]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 33632]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-02 7369728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-07-28 1966624]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-06-18 272432]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 aa0i84hf;aa0i84hf; C:\Windows\system32\drivers\aa0i84hf.sys []
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-12-02 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2010-12-02 171008]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 V0700Vid;Creative Live! Cam Chat HD Driver; C:\Windows\system32\DRIVERS\V0700Vid.sys [2010-10-18 393728]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-06-23 839200]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-16 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 42360]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-16 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-12-16 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-28 1255736]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check + problems

#2 Post by Rudy »

Hello to you too!
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to your desktop. Run it and copy the following into the left window:
:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt<. After the scan, restart the PC and post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

eXtenZ
Visitor
Posts: 58
Registered: 19 May 2012 00:13

Re: log check + problems

#3 Post by eXtenZ »

Here is the log:


Logfile of random's system information tool 1.09 (written by random/random)
Run by Olinka at 2012-05-19 18:03:43
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 152 GB (32%) free of 477 GB
Total RAM: 4026 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:04:05, on 19. 5. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\ICQ7M\ICQ.exe
C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Olinka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arccosine.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - (no file)
R3 - URLSearchHook: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Live! Central 3] "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8412 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
taskeng.exe {0AAA8DBC-21B3-4165-945E-25E170639524}
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"C:\Windows\PLFSetI.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight4.0/OmniboxSearchSuggest/4/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="2696.1.1084064379\1655112158" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight4.0/OmniboxSearchSuggest/4/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="2696.2.1371847334\771147128" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2696.3.469830952\1148553476" /prefetch:12
C:\Windows\system32\rundll32.exe "C:\PROGRA~2\Google\Chrome\APPLIC~1\190108~1.46\gcswf32.dll",BrokerMain browser=chrome
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll" --lang=sk --channel="2696.4.162697140\1051715981" --flash-broker=3028 /prefetch:4
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Users\Olinka\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Olinka\AppData\Roaming\Mozilla\Firefox\Profiles\viz6jtfq.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, toolbar@ask.com:3.12.2.16749, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazon-en-GB.xml
arccosine.xml
babylon.xml
bing.xml
chambers-en-GB.xml
eBay-en-GB.xml
google.xml
twitter.xml
wikipedia.xml
yahoo-en-GB.xml

C:\Users\Olinka\AppData\Roaming\Mozilla\Firefox\Profiles\viz6jtfq.default\searchplugins\
askcom.xml
bing-zugo.xml
conduit.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-05-19 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-05-19 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-07-28 7982112]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2009-06-23 821792]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-06-18 1808168]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-02 159232]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-02 380928]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-02 358912]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2916584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=C:\Program Files (x86)\ICQ7M\ICQ.exe [2012-05-02 127040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Live! Central 3"=C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [2010-12-07 503969]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-02 259584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2036-02-07 03:58:15 ----RA---- C:\Windows\SYSWOW64\3_VETERANI.scr
2012-05-19 18:01:09 ----D---- C:\_OTM
2012-05-19 17:52:32 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2012-05-19 17:49:09 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-05-19 17:49:09 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-05-19 17:49:09 ----A---- C:\Windows\SYSWOW64\java.exe
2012-05-19 17:47:27 ----D---- C:\ProgramData\Mozilla
2012-05-19 17:47:27 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-19 17:42:28 ----D---- C:\Program Files (x86)\Secunia
2012-05-19 17:37:28 ----D---- C:\rsit
2012-05-19 17:37:28 ----D---- C:\Program Files\trend micro
2012-05-09 19:03:16 ----D---- C:\Program Files\Microsoft Silverlight
2012-05-09 19:03:16 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-05-08 21:42:57 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-05-08 21:42:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-05-08 21:42:17 ----A---- C:\Windows\system32\win32k.sys
2012-05-08 21:42:14 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-05-08 21:42:13 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-05-08 21:42:12 ----A---- C:\Windows\system32\DWrite.dll
2012-05-08 21:42:11 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-05-08 21:42:06 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-05-08 09:51:11 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-05-02 20:16:28 ----D---- C:\Users\Olinka\AppData\Roaming\ICQ
2012-05-02 20:16:17 ----D---- C:\Program Files (x86)\ICQ7M
2012-04-28 23:31:38 ----D---- C:\Program Files (x86)\Microsoft Works
2012-04-28 23:31:06 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2012-04-28 23:30:34 ----D---- C:\Windows\PCHEALTH
2012-04-28 23:28:19 ----D---- C:\Program Files\Microsoft Office
2012-04-28 23:28:13 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-28 23:27:12 ----D---- C:\Program Files (x86)\Microsoft Office
2012-04-28 23:26:57 ----RHD---- C:\MSOCache
2012-04-28 23:14:43 ----D---- C:\Users\Olinka\AppData\Roaming\TuneUp Software
2012-04-28 23:14:03 ----D---- C:\ProgramData\TuneUp Software
2012-04-28 23:10:46 ----SHD---- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-28 23:10:46 ----HD---- C:\ProgramData\Common Files
2012-04-28 21:36:56 ----D---- C:\ProgramData\boost_interprocess

======List of files/folders modified in the last 1 month======

2012-05-19 18:04:01 ----D---- C:\Windows\Temp
2012-05-19 18:01:21 ----D---- C:\Windows\System32
2012-05-19 18:01:10 ----D---- C:\Windows\Tasks
2012-05-19 18:00:57 ----D---- C:\Windows\system32\config
2012-05-19 17:58:25 ----D---- C:\Users\Olinka\AppData\Roaming\DAEMON Tools Lite
2012-05-19 17:57:55 ----D---- C:\Windows\inf
2012-05-19 17:57:23 ----D---- C:\Windows
2012-05-19 17:55:34 ----D---- C:\Users\Olinka\AppData\Roaming\Skype
2012-05-19 17:55:29 ----D---- C:\Windows\debug
2012-05-19 17:53:02 ----SHD---- C:\System Volume Information
2012-05-19 17:52:32 ----RD---- C:\Program Files (x86)
2012-05-19 17:51:21 ----SHD---- C:\Windows\Installer
2012-05-19 17:51:20 ----SHD---- C:\Config.Msi
2012-05-19 17:51:15 ----D---- C:\Windows\Prefetch
2012-05-19 17:49:19 ----D---- C:\Program Files (x86)\Common Files
2012-05-19 17:49:09 ----D---- C:\Windows\SysWOW64
2012-05-19 17:49:03 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-05-19 17:47:27 ----HD---- C:\ProgramData
2012-05-19 17:47:25 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-05-19 17:46:34 ----D---- C:\Program Files (x86)\CCleaner
2012-05-19 17:42:29 ----D---- C:\Windows\system32\drivers
2012-05-19 17:37:28 ----RD---- C:\Program Files
2012-05-18 20:39:04 ----D---- C:\Program Files (x86)\EMDB
2012-05-17 08:13:30 ----D---- C:\Windows\system32\catroot2
2012-05-16 15:43:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-10 10:10:37 ----D---- C:\Windows\system32\Tasks
2012-05-09 12:52:06 ----D---- C:\Windows\Microsoft.NET
2012-05-09 12:52:05 ----RSD---- C:\Windows\assembly
2012-05-09 00:00:29 ----D---- C:\Windows\winsxs
2012-05-08 21:58:34 ----A---- C:\Windows\system32\MRT.exe
2012-05-08 21:58:30 ----D---- C:\ProgramData\Microsoft Help
2012-05-08 21:52:25 ----D---- C:\Windows\system32\catroot
2012-05-08 21:43:53 ----D---- C:\Program Files\Windows Journal
2012-05-08 15:03:36 ----SD---- C:\Users\Olinka\AppData\Roaming\Microsoft
2012-05-05 21:08:08 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-05-05 21:08:04 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2012-05-04 22:14:45 ----D---- C:\Program Files\Adobe
2012-05-02 20:18:18 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-04-29 00:01:53 ----A---- C:\Windows\win.ini
2012-04-28 23:43:04 ----D---- C:\ProgramData\Skype
2012-04-28 23:31:24 ----D---- C:\Program Files (x86)\MSBuild
2012-04-28 23:31:04 ----D---- C:\Windows\ShellNew
2012-04-28 23:30:41 ----RSD---- C:\Windows\Fonts
2012-04-28 23:30:34 ----SD---- C:\ProgramData\Microsoft
2012-04-28 23:30:33 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-04-28 23:29:25 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-04-25 10:26:15 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 408600]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-05-19 560184]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-07-29 171152]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2010-08-31 176000]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 33632]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-02 7369728]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-07-28 1966624]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-06-18 272432]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 adrxuhbq;adrxuhbq; C:\Windows\system32\drivers\adrxuhbq.sys []
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-12-02 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2010-12-02 171008]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 V0700Vid;Creative Live! Cam Chat HD Driver; C:\Windows\system32\DRIVERS\V0700Vid.sys [2010-10-18 393728]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-06-23 839200]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 Secunia Update Agent;Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-16 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 42360]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-16 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-12-16 182768]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-28 1255736]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119515
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check + problems

#4 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Re: log check + problems

#5 Post by eXtenZ »

If there are problems after some time, I'll write. For now it's impossible to tell.

Thanks
Have a nice day

Re: log check + problems

#6 Post by Rudy »

OK, have a nice day too! You're welcome!

Re: log check + problems

#7 Post by eXtenZ »

So a problem has come up. I don't know what's causing it. The desktop wallpaper rotation isn't working. It always shows just one picture from the whole folder.
Any advice?

Re: log check + problems

#8 Post by Rudy »

Do a System Restore to a date when it was working correctly.

Re: log check + problems

#9 Post by eXtenZ »

Hi, I won't start a new thread; I'll continue here with a problem that has come up. Windows gave me this message:


Podpis problému:
Název události problému: BlueScreen
Verze operačního systému: 6.1.7601.2.1.0.768.3
ID národního prostředí: 1051

Další informace o problému:
BCCode: 9f
BCP1: 00000003
BCP2: 85733680
BCP3: 82D69AE0
BCP4: 86616400
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Soubory, které popisují problém:
C:\Windows\Minidump\052112-15210-01.dmp
C:\Users\Tomáš\AppData\Local\Temp\WER-159573-0.sysdata.xml

Any help?

Přečtěte si prohlášení o zásadách ochrany osobních údajů online:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x0405

Pokud není k dispozici Prohlášení o zásadách ochrany osobních údajů online, přečtěte si toto prohlášení offline:
C:\windows\system32\cs-CZ\erofflps.txt

Any help getting rid of this problem?

Re: log check + problems

#10 Post by Rudy »

Zip the file C:\Windows\Minidump\052112-15210-01.dmp and upload it either here or somewhere else and post the link.

Re: log check + problems

#11 Post by eXtenZ »

http://leteckaposta.cz/268062901

Besides that file there are also 2 other files there, similar but with different numbers.

Re: log check + problems

#12 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after start-up a screen with the licence terms appears; continue by clicking the Ano (Yes) button.

feel free to put the kettle on for coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else

don't panic during the scan; your machine may be restarted (especially the first time the scanner is used)

note: if you use antispyware with a resident shield, switch the resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the resident antispyware occur

Re: log check + problems

#13 Post by eXtenZ »

Here is the log:


ComboFix 12-05-21.05 - Tomáš . 05. 2012 19:35:58.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1029.18.2009.1171 [GMT 2:00]
Running from: c:\users\Tomáš\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))
.
.
2012-05-21 17:43 . 2012-05-21 17:43 -------- d-----w- c:\users\Tomáš\AppData\Local\temp
2012-05-21 17:43 . 2012-05-21 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-20 17:41 . 2012-05-20 17:41 -------- d-----w- c:\users\Tomáš\AppData\Roaming\vlc
2012-05-19 14:29 . 2012-05-19 14:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-19 14:25 . 2012-05-19 14:25 -------- d-----w- c:\users\Tomáš\AppData\Local\Secunia PSI
2012-05-19 14:24 . 2012-05-19 14:24 -------- d-----w- c:\program files\Secunia
2012-05-17 21:26 . 2012-05-17 21:26 -------- d-----w- c:\programdata\Malwarebytes
2012-05-16 19:28 . 2012-05-16 19:28 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2012-05-16 19:28 . 2012-05-16 19:28 -------- d-----w- c:\program files\Norton PC Checkup
2012-05-16 17:59 . 2012-05-16 17:59 -------- d-----w- c:\users\Tomáš\AppData\Roaming\VS Revo Group
2012-05-16 17:48 . 2012-05-16 17:48 -------- d-----w- C:\Drivers
2012-05-16 17:38 . 2012-05-16 17:38 -------- d-----w- c:\users\Tomáš\AppData\Local\ElevatedDiagnostics
2012-05-16 17:25 . 2012-05-16 17:25 -------- d-----w- c:\programdata\PC Drivers Headquarters
2012-05-16 17:25 . 2012-05-16 17:25 -------- d-----w- c:\users\Tomáš\AppData\Local\PC_Drivers_Headquarters
2012-05-16 17:25 . 2012-05-16 17:30 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2012-05-14 17:48 . 2010-08-21 04:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-14 17:48 . 2012-05-15 08:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-05-14 17:48 . 2012-05-15 06:02 -------- d-----w- c:\program files\Symantec
2012-05-14 17:48 . 2012-05-15 06:01 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-05-14 17:48 . 2010-08-21 04:59 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-14 17:47 . 2012-05-16 10:16 -------- d-----w- c:\windows\system32\drivers\N360
2012-05-14 17:47 . 2012-05-14 17:47 -------- d-----w- c:\program files\Norton 360
2012-05-14 17:47 . 2012-05-16 19:28 -------- d-----w- c:\program files\NortonInstaller
2012-05-14 17:23 . 2012-05-14 17:23 -------- d-----w- c:\program files\ESET
2012-05-14 16:57 . 2012-05-14 16:57 -------- d-----w- c:\program files\NetUp
2012-05-11 12:19 . 2012-05-11 12:19 -------- d-----w- c:\users\Tomáš\AppData\Local\VS Revo Group
2012-05-11 12:19 . 2009-12-30 09:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-05-11 12:17 . 2012-05-11 12:19 -------- d-----w- c:\program files\VS Revo Group
2012-05-11 12:13 . 2012-05-11 12:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-11 12:13 . 2011-04-05 15:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-05-11 12:13 . 2011-04-05 15:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-05-11 12:13 . 2011-04-05 15:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-05-11 12:13 . 2011-02-08 07:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-05-11 12:13 . 2012-05-11 12:13 -------- d-----w- c:\programdata\Lavasoft
2012-05-11 11:42 . 2012-04-18 01:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5DFA99A-410D-4470-9377-FECCADB955F4}\mpengine.dll
2012-05-11 10:13 . 2012-05-11 10:13 -------- d-----w- c:\users\Tomáš\AppData\Roaming\ESET
2012-05-11 10:13 . 2012-05-11 10:13 -------- d-----w- c:\users\Tomáš\AppData\Local\ESET
2012-05-10 23:58 . 2012-05-11 10:09 -------- d-----w- c:\programdata\AVAST Software
2012-05-09 17:36 . 2012-05-09 17:36 -------- d-----w- c:\programdata\Martau
2012-05-09 17:19 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 17:19 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 17:19 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 17:19 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 17:19 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 17:19 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 17:19 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 17:19 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 17:19 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 17:19 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-06 16:41 . 2012-04-05 11:08 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-05-02 21:34 . 2012-05-02 21:38 -------- d-----w- c:\program files\QIP Infium
2012-05-02 20:09 . 2012-05-02 20:09 -------- d-----w- c:\users\Tomáš\AppData\Roaming\QIP
2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-04-29 23:09 . 2012-04-29 23:09 -------- d-----w- c:\users\Tomáš\AppData\Local\Diagnostics
2012-04-29 20:03 . 2012-04-29 20:03 -------- d-----w- c:\users\Public\Thunder Network
2012-04-29 20:03 . 2012-04-29 20:03 -------- d-----w- c:\programdata\Thunder Network
2012-04-27 19:42 . 2012-04-27 19:42 -------- d-----w- c:\users\Tomáš\AppData\Roaming\Mozilla
2012-04-27 19:42 . 2012-04-27 19:42 -------- d-----w- c:\users\Tomáš\AppData\Local\Mozilla
2012-04-27 19:42 . 2012-04-27 19:42 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-24 09:02 . 2012-04-24 09:02 1492 ----a-w- C:\user.js
2012-04-24 09:02 . 2012-04-24 09:02 -------- d-----w- c:\program files\Your Uninstaller! 7
2012-04-24 09:01 . 2012-04-24 09:01 -------- d-----w- c:\programdata\Babylon
2012-04-24 09:01 . 2012-04-24 09:01 -------- d-----w- c:\windows\Profiles
2012-04-24 08:09 . 2012-04-05 11:08 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-04-24 08:09 . 2012-04-05 11:08 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-04-24 08:07 . 2012-04-24 08:09 -------- d-----w- c:\programdata\TuneUp Software
2012-04-24 08:07 . 2012-04-24 08:07 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-24 08:07 . 2012-04-24 08:07 -------- d--h--w- c:\programdata\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 11:33 . 2012-04-08 11:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 11:33 . 2012-02-22 08:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 05:46 . 2012-04-12 17:40 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 17:40 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 17:40 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 17:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-12 17:46 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 17:46 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 17:46 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 17:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-24 11:48 . 2012-02-24 11:23 139264 ----a-w- c:\windows\War3Unin.exe
2012-02-24 11:26 . 2012-02-24 11:23 2829 ----a-w- c:\windows\War3Unin.pif
2012-02-24 05:57 . 2012-04-10 06:40 545 ----a-w- c:\windows\UC.PIF
2012-02-24 05:57 . 2012-04-10 06:40 545 ----a-w- c:\windows\RAR.PIF
2012-02-24 05:57 . 2012-04-10 06:40 545 ----a-w- c:\windows\PKZIP.PIF
2012-02-24 05:57 . 2012-04-10 06:40 545 ----a-w- c:\windows\PKUNZIP.PIF
2012-02-24 05:57 . 2012-04-10 06:40 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-02-24 05:57 . 2012-04-10 06:40 545 ----a-w- c:\windows\LHA.PIF
2012-02-24 05:57 . 2012-04-10 06:40 545 ----a-w- c:\windows\ARJ.PIF
2012-02-23 12:24 . 2012-03-28 22:20 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-02-23 08:18 . 2012-02-22 07:08 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 15:06 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-22 08:26 . 2012-02-22 08:26 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-22 08:26 . 2012-02-22 08:26 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-22 08:26 . 2012-02-22 08:26 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-22 08:26 . 2012-02-22 08:26 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-22 08:26 . 2012-02-22 08:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-22 08:26 . 2012-02-22 08:26 367104 ----a-w- c:\windows\system32\html.iec
2012-02-22 08:26 . 2012-02-22 08:26 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-22 08:26 . 2012-02-22 08:26 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-22 08:26 . 2012-02-22 08:26 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-22 08:26 . 2012-02-22 08:26 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-22 08:26 . 2012-02-22 08:26 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-22 08:26 . 2012-02-22 08:26 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-22 08:26 . 2012-02-22 08:26 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-22 08:26 . 2012-02-22 08:26 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-22 08:26 . 2012-02-22 08:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-22 08:26 . 2012-02-22 08:26 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-22 08:26 . 2012-02-22 08:26 101888 ----a-w- c:\windows\system32\admparse.dll
2012-04-21 01:18 . 2012-04-27 19:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]
"SAIICpl Application"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-02-22 14:08 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 06:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Energy Management]
2009-09-29 16:22 5064560 ----a-w- c:\program files\Lenovo\Energy Management\Energy Management.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-22 00:27 136176 ----atw- c:\users\Tomáš\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-02-22 15:07 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GShortCut]
2008-12-03 22:15 218408 ----a-w- c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 94040]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-22 1343400]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502010.003\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502010.003\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx86.sys [2012-05-07 821880]
S1 funfrm;funfrm; [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120517.001\IDSvix86.sys [2012-05-12 368248]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 221784]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502010.003\Ironx86.SYS [2010-11-16 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502010.003\SYMNETS.SYS [2011-04-21 299640]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-05-11 99896]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe [2011-11-07 135608]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2011-11-07 126392]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [2010-03-25 445496]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-10-14 399416]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-15 106104]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 171776]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 11:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=112250&babsrc=HP_ss&mntrId=cabf17e5000000000000506313dd21b1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 146.102.167.167 146.102.16.1 146.102.16.2
FF - ProfilePath - c:\users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\0vc62nim.default\
FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKU-Default-RunOnce-WLStart - c:\program files\Windows Live\Installer\wlstart.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-21 19:45:39
ComboFix-quarantined-files.txt 2012-05-21 17:45
.
Pre-Run: Volných bajtů: 291 756 351 488
Post-Run: Volných bajtů: 291 693 514 752
.
- - End Of File - - 90704505B777DC283855D4C29E0E3854

Re: log check + problems

#14 Post by Rudy »

Open Notepad and copy the following into it:
Driver::
funfrm

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Re: log check + problems

#15 Post by eXtenZ »

here is the log that popped up for me:


ComboFix 12-05-21.05 - Tomáš . 05. 2012 23:23:44.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1029.18.2009.1104 [GMT 2:00]
Running from: c:\users\TomßÜ\Desktop\ComboFix.exe
Command switches used :: c:\users\TomßÜ\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))
.
.
2012-05-21 21:31 . 2012-05-21 21:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-21 18:01 . 2012-05-21 18:16 -------- d-----w- c:\program files\Uniblue
2012-05-21 17:45 . 2012-05-21 21:31 -------- d-----w- c:\users\Tomáš\AppData\Local\temp
2012-05-20 17:41 . 2012-05-20 17:41 -------- d-----w- c:\users\Tomáš\AppData\Roaming\vlc
2012-05-19 14:29 . 2012-05-19 14:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-19 14:25 . 2012-05-19 14:25 -------- d-----w- c:\users\Tomáš\AppData\Local\Secunia PSI
2012-05-19 14:24 . 2012-05-19 14:24 -------- d-----w- c:\program files\Secunia
2012-05-17 21:26 . 2012-05-17 21:26 -------- d-----w- c:\programdata\Malwarebytes
2012-05-16 19:28 . 2012-05-16 19:28 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2012-05-16 19:28 . 2012-05-16 19:28 -------- d-----w- c:\program files\Norton PC Checkup
2012-05-16 17:59 . 2012-05-16 17:59 -------- d-----w- c:\users\Tomáš\AppData\Roaming\VS Revo Group
2012-05-16 17:48 . 2012-05-16 17:48 -------- d-----w- C:\Drivers
2012-05-16 17:38 . 2012-05-21 18:35 -------- d-----w- c:\users\Tomáš\AppData\Local\ElevatedDiagnostics
2012-05-16 17:25 . 2012-05-16 17:25 -------- d-----w- c:\programdata\PC Drivers Headquarters
2012-05-16 17:25 . 2012-05-16 17:25 -------- d-----w- c:\users\Tomáš\AppData\Local\PC_Drivers_Headquarters
2012-05-16 17:25 . 2012-05-16 17:30 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2012-05-14 17:48 . 2010-08-21 04:59 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-14 17:48 . 2012-05-15 08:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-05-14 17:48 . 2012-05-15 06:02 -------- d-----w- c:\program files\Symantec
2012-05-14 17:48 . 2012-05-15 06:01 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-05-14 17:48 . 2010-08-21 04:59 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-14 17:47 . 2012-05-16 10:16 -------- d-----w- c:\windows\system32\drivers\N360
2012-05-14 17:47 . 2012-05-14 17:47 -------- d-----w- c:\program files\Norton 360
2012-05-14 17:47 . 2012-05-16 19:28 -------- d-----w- c:\program files\NortonInstaller
2012-05-14 17:23 . 2012-05-14 17:23 -------- d-----w- c:\program files\ESET
2012-05-14 16:57 . 2012-05-14 16:57 -------- d-----w- c:\program files\NetUp
2012-05-11 12:19 . 2012-05-11 12:19 -------- d-----w- c:\users\Tomáš\AppData\Local\VS Revo Group
2012-05-11 12:19 . 2009-12-30 09:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-05-11 12:17 . 2012-05-11 12:19 -------- d-----w- c:\program files\VS Revo Group
2012-05-11 12:13 . 2012-05-11 12:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-11 12:13 . 2011-04-05 15:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-05-11 12:13 . 2011-04-05 15:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-05-11 12:13 . 2011-04-05 15:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-05-11 12:13 . 2011-02-08 07:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-05-11 12:13 . 2012-05-11 12:13 -------- d-----w- c:\programdata\Lavasoft
2012-05-11 11:42 . 2012-04-18 01:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5DFA99A-410D-4470-9377-FECCADB955F4}\mpengine.dll
2012-05-11 10:13 . 2012-05-11 10:13 -------- d-----w- c:\users\Tomáš\AppData\Roaming\ESET
2012-05-11 10:13 . 2012-05-11 10:13 -------- d-----w- c:\users\Tomáš\AppData\Local\ESET
2012-05-10 23:58 . 2012-05-11 10:09 -------- d-----w- c:\programdata\AVAST Software
2012-05-09 17:36 . 2012-05-09 17:36 -------- d-----w- c:\programdata\Martau
2012-05-09 17:19 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 17:19 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 17:19 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 17:19 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 17:19 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 17:19 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 17:19 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 17:19 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 17:19 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 17:19 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-06 16:41 . 2012-04-05 11:08 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-05-02 21:34 . 2012-05-02 21:38 -------- d-----w- c:\program files\QIP Infium
2012-05-02 20:09 . 2012-05-02 20:09 -------- d-----w- c:\users\Tomáš\AppData\Roaming\QIP
2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-04-29 23:09 . 2012-04-29 23:09 -------- d-----w- c:\users\Tomáš\AppData\Local\Diagnostics
2012-04-29 20:03 . 2012-04-29 20:03 -------- d-----w- c:\users\Public\Thunder Network
2012-04-29 20:03 . 2012-04-29 20:03 -------- d-----w- c:\programdata\Thunder Network
2012-04-27 19:42 . 2012-04-27 19:42 -------- d-----w- c:\users\Tomáš\AppData\Roaming\Mozilla
2012-04-27 19:42 . 2012-04-27 19:42 -------- d-----w- c:\users\Tomáš\AppData\Local\Mozilla
2012-04-27 19:42 . 2012-04-27 19:42 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-24 09:02 . 2012-04-24 09:02 1492 ----a-w- C:\user.js
2012-04-24 09:02 . 2012-04-24 09:02 -------- d-----w- c:\program files\Your Uninstaller! 7
2012-04-24 09:01 . 2012-04-24 09:01 -------- d-----w- c:\programdata\Babylon
2012-04-24 09:01 . 2012-04-24 09:01 -------- d-----w- c:\windows\Profiles
2012-04-24 08:09 . 2012-04-05 11:08 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-04-24 08:09 . 2012-04-05 11:08 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-04-24 08:07 . 2012-04-24 08:09 -------- d-----w- c:\programdata\TuneUp Software
2012-04-24 08:07 . 2012-04-24 08:07 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-24 08:07 . 2012-04-24 08:07 -------- d--h--w- c:\programdata\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 11:33 . 2012-04-08 11:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 11:33 . 2012-02-22 08:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 05:46 . 2012-04-12 17:40 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 17:40 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 17:40 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 17:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-12 17:46 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 17:46 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 17:46 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 17:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-24 11:48 . 2012-02-24 11:23 139264 ----a-w- c:\windows\War3Unin.exe
2012-02-24 11:26 . 2012-02-24 11:23 2829 ----a-w- c:\windows\War3Unin.pif
2012-02-24 05:57 . 2012-04-10 06:40 545 ----a-w- c:\windows\UC.PIF
2012-02-24 05:57 . 2012-04-10 06:40 545 ----a-w- c:\windows\RAR.PIF
2012-02-24 05:57 . 2012-04-10 06:40 545 ----a-w- c:\windows\PKZIP.PIF
2012-02-24 05:57 . 2012-04-10 06:40 545 ----a-w- c:\windows\PKUNZIP.PIF
2012-02-24 05:57 . 2012-04-10 06:40 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-02-24 05:57 . 2012-04-10 06:40 545 ----a-w- c:\windows\LHA.PIF
2012-02-24 05:57 . 2012-04-10 06:40 545 ----a-w- c:\windows\ARJ.PIF
2012-02-23 12:24 . 2012-03-28 22:20 21848 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-02-23 08:18 . 2012-02-22 07:08 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 15:06 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-22 08:26 . 2012-02-22 08:26 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-22 08:26 . 2012-02-22 08:26 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-22 08:26 . 2012-02-22 08:26 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-22 08:26 . 2012-02-22 08:26 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-22 08:26 . 2012-02-22 08:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-22 08:26 . 2012-02-22 08:26 367104 ----a-w- c:\windows\system32\html.iec
2012-02-22 08:26 . 2012-02-22 08:26 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-22 08:26 . 2012-02-22 08:26 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-22 08:26 . 2012-02-22 08:26 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-22 08:26 . 2012-02-22 08:26 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-22 08:26 . 2012-02-22 08:26 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-22 08:26 . 2012-02-22 08:26 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-22 08:26 . 2012-02-22 08:26 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-22 08:26 . 2012-02-22 08:26 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-22 08:26 . 2012-02-22 08:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-22 08:26 . 2012-02-22 08:26 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-22 08:26 . 2012-02-22 08:26 101888 ----a-w- c:\windows\system32\admparse.dll
2012-04-21 01:18 . 2012-04-27 19:42 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-02-22 14:08 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 06:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Energy Management]
2009-09-29 16:22 5064560 ----a-w- c:\program files\Lenovo\Energy Management\Energy Management.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-22 00:27 136176 ----atw- c:\users\Tomáš\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-02-22 15:07 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GShortCut]
2008-12-03 22:15 218408 ----a-w- c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 94040]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-22 1343400]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502010.003\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502010.003\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120507.001\BHDrvx86.sys [2012-05-07 821880]
S1 funfrm;funfrm; [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120517.001\IDSvix86.sys [2012-05-12 368248]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 221784]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502010.003\Ironx86.SYS [2010-11-16 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502010.003\SYMNETS.SYS [2011-04-21 299640]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-05-11 99896]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe [2011-11-07 135608]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2011-11-07 126392]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [2010-03-25 445496]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-10-14 399416]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-15 106104]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 171776]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 11:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 146.102.167.167 146.102.16.1 146.102.16.2
FF - ProfilePath - c:\users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\0vc62nim.default\
FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4756)
c:\program files\Norton 360\Engine\5.2.1.3\buShell.dll
.
Completion time: 2012-05-21 23:33:16
ComboFix-quarantined-files.txt 2012-05-21 21:33
ComboFix2.txt 2012-05-21 17:45
.
Pre-Run: Volných bajtů: 291 280 982 016
Post-Run: Volných bajtů: 290 997 702 656
.
- - End Of File - - 5B6E76DE4953C44610978D172FDC41FF
