ComboFix 12-07-05.02 - Home . 07. 2012 15:34:11.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1033.18.4010.2338 [GMT 2:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Web Assistant\ExTEnsion32.dll
c:\programdata\Roaming
c:\users\Home\AppData\Roaming\Love
c:\users\Home\AppData\Roaming\Love\TSW\data.lua
c:\users\Public\sdelevURL.tmp
c:\windows\s.bat
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\Game - R3d Logs\2012-07-04_10-37-40_r3dlog.txt
c:\windows\SysWow64\themeui.dll.tmp
c:\windows\SysWow64\uxtheme.dll.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))
.
.
2012-07-05 13:43 . 2012-07-05 13:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-05 13:43 . 2012-07-05 13:43 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-05 13:43 . 2012-07-05 13:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-05 08:06 . 2009-02-24 16:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-07-05 08:06 . 2009-02-24 16:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-07-05 08:06 . 2012-07-05 08:08 -------- d-----w- c:\program files (x86)\MagicDisc
2012-07-04 22:19 . 2012-07-04 22:19 -------- d-----w- c:\program files (x86)\AMP WinOFF
2012-07-03 20:29 . 2012-07-04 13:55 -------- d-----w- c:\program files\trend micro
2012-07-03 20:29 . 2012-07-03 20:29 -------- d-----w- C:\rsit
2012-07-03 15:15 . 2012-07-03 15:15 -------- d-----w- c:\users\Home\AppData\Roaming\Avira
2012-07-03 15:11 . 2012-05-02 13:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-03 15:11 . 2012-04-27 08:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-03 15:11 . 2012-04-24 22:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-03 15:11 . 2012-07-03 15:11 -------- d-----w- c:\programdata\Avira
2012-07-03 15:11 . 2012-07-03 15:11 -------- d-----w- c:\program files (x86)\Avira
2012-07-03 12:28 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{089918CD-DBE5-49B0-B272-4CD680824D26}\mpengine.dll
2012-06-29 19:47 . 2012-06-29 19:47 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2012-06-28 20:15 . 2012-06-28 20:15 -------- d-----w- c:\programdata\Age of Empires 3
2012-06-28 16:00 . 2012-06-28 16:00 -------- d-----w- c:\program files (x86)\TimeLeft3
2012-06-28 16:00 . 2012-06-28 16:00 -------- d-----w- c:\users\Home\AppData\Roaming\NesterSoft
2012-06-28 11:14 . 2012-06-28 11:14 -------- d-----w- c:\users\Home\AppData\Roaming\EPSON
2012-06-28 10:50 . 2012-06-28 10:50 -------- d-----w- c:\program files (x86)\Common Files\PocketSoft
2012-06-28 10:50 . 2002-02-27 16:50 197120 ----a-w- c:\windows\patchw32.dll
2012-06-28 10:43 . 2002-12-05 12:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-06-28 10:43 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-06-28 10:43 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-06-28 10:43 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-06-28 10:43 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-06-28 10:43 . 2012-06-28 10:43 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-06-28 10:43 . 2012-06-28 10:43 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-06-28 10:32 . 2012-06-28 10:32 -------- d-----w- c:\program files\EpsonNet
2012-06-28 10:32 . 2012-06-28 10:32 -------- d-----w- c:\program files (x86)\Common Files\EPSON
2012-06-28 10:31 . 2012-06-28 10:31 -------- d-----w- c:\program files (x86)\EpsonNet
2012-06-28 10:29 . 2007-06-21 22:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
2012-06-28 10:29 . 2006-10-19 22:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
2012-06-28 10:29 . 2006-10-30 22:10 71840 ----a-w- c:\windows\SysWow64\EPPicMgr.dll
2012-06-28 10:29 . 2006-10-30 22:10 120992 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
2012-06-28 10:29 . 2006-10-19 22:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
2012-06-28 10:29 . 2012-06-28 10:29 -------- d-----w- c:\users\Home\AppData\Roaming\InstallShield
2012-06-28 10:28 . 2008-11-12 03:00 118784 ----a-w- c:\windows\system32\E_ILMFIE.DLL
2012-06-28 10:28 . 2008-11-12 03:00 81920 ----a-w- c:\windows\system32\E_IBCBFIE.DLL
2012-06-28 10:28 . 2007-04-10 01:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2012-06-28 10:28 . 2012-06-28 10:58 -------- d-----w- c:\programdata\EPSON
2012-06-28 10:28 . 2008-11-16 22:00 459776 ----a-w- c:\windows\system32\esxwiaud.dll
2012-06-28 10:28 . 2006-08-25 00:00 12800 ----a-w- c:\windows\system32\esxcdev.dll
2012-06-28 10:28 . 2012-06-28 10:30 -------- d-----w- c:\program files (x86)\epson
2012-06-27 10:31 . 2012-06-27 11:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-27 10:31 . 2012-06-27 10:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-25 16:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 16:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 16:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 16:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 16:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 16:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 16:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 16:32 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 16:32 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-24 14:35 . 2012-06-24 14:35 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-06-24 14:34 . 2012-06-24 14:35 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2012-06-22 11:53 . 2010-08-02 14:19 31744 ----a-w- c:\windows\system32\drivers\lgandadb.sys
2012-06-22 11:53 . 2011-07-18 04:03 1919968 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2012-06-22 11:53 . 2010-12-07 12:23 34304 ----a-w- c:\windows\system32\drivers\lgandmodem64.sys
2012-06-22 11:53 . 2010-12-07 12:23 27648 ----a-w- c:\windows\system32\drivers\lganddiag64.sys
2012-06-22 11:53 . 2010-12-07 12:23 27136 ----a-w- c:\windows\system32\drivers\lgandgps64.sys
2012-06-22 11:53 . 2010-12-07 12:22 19456 ----a-w- c:\windows\system32\drivers\lgandbus64.sys
2012-06-22 11:53 . 2012-06-22 11:53 -------- d-----w- c:\program files (x86)\LG Electronics
2012-06-22 11:47 . 2012-06-22 11:47 -------- d-----w- C:\GT540
2012-06-22 11:47 . 2011-05-10 11:37 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2012-06-22 11:47 . 2011-05-10 11:37 568832 ----a-w- c:\windows\SysWow64\msvcp90.dll
2012-06-22 11:47 . 2011-05-10 11:37 224768 ----a-w- c:\windows\SysWow64\msvcm90.dll
2012-06-22 11:46 . 2006-05-04 06:33 53248 ----a-w- c:\windows\SysWow64\CommonDL.dll
2012-06-22 11:46 . 2005-10-03 23:39 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2012-06-22 11:46 . 2012-06-22 12:20 -------- d-----w- c:\programdata\LGMOBILEAX
2012-06-22 11:43 . 2012-06-22 12:24 -------- d-----w- c:\users\Home\.android
2012-06-22 11:42 . 2012-06-22 11:42 -------- d-----w- c:\program files (x86)\Android
2012-06-21 14:27 . 2012-06-21 14:27 -------- d-----w- c:\users\Home\AppData\Local\Unity
2012-06-17 08:31 . 2012-06-21 15:54 -------- d-----w- c:\users\Home\AppData\Roaming\Xfire
2012-06-17 08:31 . 2012-06-19 15:04 -------- d-----w- c:\programdata\Xfire
2012-06-17 08:31 . 2012-06-17 08:31 -------- d-----w- c:\program files (x86)\Xfire
2012-06-16 22:57 . 2012-06-16 22:57 -------- d-----w- c:\program files\Auto Shutdown
2012-06-16 00:17 . 2012-06-16 00:17 28096 ----a-w- c:\windows\system32\xfcodec64.dll
2012-06-16 00:17 . 2012-06-16 00:17 42432 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-06-13 20:08 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-13 20:08 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-13 20:08 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-06-13 20:08 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-06-13 17:51 . 2012-06-13 17:52 -------- d-----w- c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2012-06-13 17:38 . 2012-06-13 17:38 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-06-08 16:03 . 2012-06-08 16:03 -------- d--h--r- c:\users\Home\AppData\Roaming\SecuROM
2012-06-06 17:42 . 2012-06-14 15:29 -------- d-----w- c:\users\Home\AppData\Roaming\BSplayer
2012-06-06 17:42 . 2012-06-06 17:42 -------- d-----w- c:\users\Home\AppData\Roaming\BSplayer Pro
2012-06-06 17:42 . 2012-06-06 17:42 -------- d-----w- c:\program files (x86)\Webteh
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 20:48 . 2012-04-27 01:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 20:48 . 2012-04-27 01:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-07 19:31 . 2012-04-27 23:30 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-24 19:27 . 2012-04-27 23:28 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-15 10:48 . 2012-05-05 08:02 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-05-05 08:02 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-05-05 08:02 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-02-06 17:58 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-02-06 17:58 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-02-06 17:58 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-02-06 17:58 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-02-06 17:58 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-02-06 17:58 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-02-06 17:58 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 09:29 . 2012-02-06 17:58 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-02-06 17:58 858944 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-05-15 09:29 . 2012-02-06 17:58 433984 ----a-w- c:\windows\SysWow64\oemdspif.dll
2012-05-15 09:29 . 2012-02-06 17:58 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-02-06 17:58 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-05-15 09:29 . 2012-02-06 17:58 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2012-02-06 17:58 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-02-06 17:58 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2012-02-06 17:58 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-02-06 17:58 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-05 05:54 . 2012-05-05 05:54 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2012-05-03 22:28 . 2012-05-03 22:28 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-03 21:59 . 2012-04-28 20:15 867064 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-05-02 23:10 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll
2012-05-02 23:10 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2012-05-02 23:10 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2012-04-28 00:10 . 2012-04-28 00:10 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-26 12:48 . 2012-04-26 12:48 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-04-26 12:48 . 2012-04-26 12:48 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-07 17425072]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-06-28 880496]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-7-5 576000]
TimeLeft.lnk - c:\program files (x86)\TimeLeft3\TimeLeft.exe [2012-6-28 2040616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2012-3-26 4656632]
ThrottleStop - Shortcut (2).lnk - c:\users\Home\Desktop\ThrottleStop_400\ThrottleStop_400\ThrottleStop.exe [2011-10-17 278528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-05-03 867064]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-01 185856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 32768]
R3 atillk64;atillk64;c:\program files (x86)\ATI Technologies\AMD GPU Clock Tool\atillk64.sys [x]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]
R3 CPUgenieDriver;CPUgenieDriver;c:\program files\GreenVantage LLC\CPUgenie64\NBFreezer64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-27 340240]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2012-06-13 19952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-27 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2012-02-06 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-02-06 39008]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2012-02-06 13408]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-03 283200]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2012-02-07 30592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-02-06 29792]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-15 349736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys [2010-12-15 8200552]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Home\Desktop\ThrottleStop_400\ThrottleStop_400\WinRing0x64.sys [2008-07-27 14544]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 20:48]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 18:40]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 18:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2012-05-01 21:33 201728 ----a-w- c:\program files\Web Assistant\Extension64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-02-06 18:29 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-27 1935120]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-02-06 114688]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-02-06 789920]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-02-06 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-02-06 5908928]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-11-14 13353064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1C8B1208-EE35-4067-92E0-5717C770D2DE}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3543239370-2261490951-2830768482-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-3543239370-2261490951-2830768482-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3543239370-2261490951-2830768482-1002)
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-3543239370-2261490951-2830768482-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3543239370-2261490951-2830768482-1002)
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-3543239370-2261490951-2830768482-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3543239370-2261490951-2830768482-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3543239370-2261490951-2830768482-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3543239370-2261490951-2830768482-1002)
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-3543239370-2261490951-2830768482-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3543239370-2261490951-2830768482-1002)
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-3543239370-2261490951-2830768482-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3543239370-2261490951-2830768482-1002\Software\SecuROM\License information*]
"datasecu"=hex:eb,0f,6e,33,fe,c5,27,5d,c3,68,e4,cf,d2,d7,45,05,1a,26,33,02,ef,
48,40,af,f5,08,66,dd,5c,c1,34,1a,87,76,a1,27,d1,30,cf,b4,7c,10,30,8c,a5,05,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-05 15:46:36
ComboFix-quarantined-files.txt 2012-07-05 13:46
.
Pre-Run: 311 558 492 160 bytes free
Post-Run: 311 846 928 384 bytes free
.
- - End Of File - - 728F04E922A49375011A58A60B2B93D1