Nová preventívka - pomalšie reakcie PC

[MH112]

Dobrý deň prajem Všetkým, prosím Vás o preventívnu kontrolu môjho počitača. V poslednom čase zaznamenávam mierne spomalenie a reakcií. Ďakujem.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavol at 2012-09-23 14:58:47
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 33 GB (17%) free of 192 GB
Total RAM: 1790 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:01:33, on 23. 9. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\VeriFace\PManage.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Creative\USB Sound Blaster\Volume Panel\VolPanlu.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Pavol\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\CVision\License\CVistaMonitor.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Users\Pavol\Desktop\Vehicles\Notebook\Viry CZ\RSIT.exe
C:\Program Files\trend micro\Pavol.exe
C:\windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OwnData2Switch] #owndata20switch.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Sound Blaster\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Pavol\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\Pavol\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Orezávač obrazovky a spúšťač programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Samsung Auto Backup Guage.lnk = ?
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?
O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: CardOS API.lnk = ?
O4 - Global Startup: CVista Monitor.lnk = C:\Program Files\CVision\License\CVistaMonitor.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O4 - Global Startup: QSign.lnk = C:\Program Files\Ardaco\QSign\zepapp.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Prevziať cez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Prevziať cez IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Prevziať obsah FLV cez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: CVISION PdfCompressor Watched Folder Service (CVCompressionService) - CVISION Technologies - C:\Program Files\CVision\PdfCompressor 5.0\Service\CVCompressionService.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\QSTART.SYS\config\DVMExportService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: CVISION PdfCompressor Communication Service (PdfCompressorFtpService) - CVISION Technologies Inc. - C:\Program Files\CVision\PdfCompressor 5.0\ftpsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecretZone Assist Service (SZASSIST) - Clarus, Inc. - C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe

--
End of file - 13473 bytes

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\At1.job
C:\windows\tasks\At2.job
C:\windows\tasks\AWC AutoSweep.job
C:\windows\tasks\AWC Update.job
C:\windows\tasks\Check Updates for Windows Live Toolbar.job
C:\windows\tasks\SmartDefrag.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Pavol\AppData\Roaming\Mozilla\Firefox\Profiles\5dtrfrpc.default

"web2pdfextension@web2pdf.adobedotcom"=C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.265 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
nppdf32.DEU
nppdf32.dll
nppdf32.FRA
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Pavol\AppData\Roaming\Mozilla\Firefox\Profiles\5dtrfrpc.default\extensions\
fastYoutubeDownloader@yevgenyandrov.net
info@lingea.com
{5384767E-00D9-40E9-B72F-9CC39D655D6F}

C:\Users\Pavol\AppData\Roaming\Mozilla\Firefox\Profiles\5dtrfrpc.default\searchplugins\
daemon-search.xml
rapidshare-google-arama.xml
rapidshare-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2010-05-26 193968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-04-04 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - c:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-04-04 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - c:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-04-04 340384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2009-08-10 13797920]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-24 7625248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-23 1537320]
"VeriFaceManager"=C:\Program Files\Lenovo\VeriFace\PManage.exe [2009-12-10 3122440]
"EnergyUtility"=C:\Program Files\Lenovo\Energy Management\utility.exe [2009-07-15 4081480]
"Energy Management"=C:\Program Files\Lenovo\Energy Management\Energy Management.exe [2009-06-25 5064520]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"OwnData2Switch"=#owndata20switch.exe []
"VolPanel"=C:\Program Files\Creative\USB Sound Blaster\Volume Panel\VolPanlu.exe [2009-05-04 241789]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2012-04-04 36760]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2012-04-04 815512]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-06 3076144]
""= []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-03-27 37296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"=C:\Users\Pavol\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2011-06-30 79872]
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2010-05-26 3220912]
"Akamai NetSession Interface"=C:\Users\Pavol\AppData\Local\Akamai\netsession_win.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
CardOS API.lnk - C:\Program Files\Siemens\CardOS API\bin\siecacst.exe
CVista Monitor.lnk - C:\Program Files\CVision\License\CVistaMonitor.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
QSign.lnk - C:\Program Files\Ardaco\QSign\zepapp.exe

C:\Users\Pavol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Orezávač obrazovky a spúšťač programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Samsung Auto Backup Guage.lnk - C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
Samsung Auto Backup Real-Time Daemon.lnk - C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
Samsung Auto Backup Scheduler.lnk - C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"msacm.ac3acm"=AC3ACM.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.xvid"=xvidvfw.dll
"vidc.DIVX"=DivX.dll
"vidc.mpg4"=mpg4c32.dll
"vidc.mp42"=mpg4c32.dll
"vidc.mp43"=mpg4c32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-09-23 14:58:48 ----D---- C:\Program Files\trend micro
2012-09-23 14:58:47 ----D---- C:\rsit
2012-09-22 21:23:22 ----A---- C:\windows\system32\qdvd.dll
2012-09-22 17:11:51 ----D---- C:\MATS
2012-09-22 17:03:11 ----A---- C:\windows\system32\mshtmled.dll
2012-09-22 17:03:10 ----A---- C:\windows\system32\vbscript.dll
2012-09-22 17:03:05 ----A---- C:\windows\system32\jsproxy.dll
2012-09-22 17:03:03 ----A---- C:\windows\system32\ieui.dll
2012-09-22 17:03:02 ----A---- C:\windows\system32\ieUnatt.exe
2012-09-22 17:03:01 ----A---- C:\windows\system32\msfeeds.dll
2012-09-22 17:02:56 ----A---- C:\windows\system32\wininet.dll
2012-09-22 17:02:56 ----A---- C:\windows\system32\jscript.dll
2012-09-22 17:02:52 ----A---- C:\windows\system32\url.dll
2012-09-22 17:02:52 ----A---- C:\windows\system32\jscript9.dll
2012-09-22 17:02:47 ----A---- C:\windows\system32\iertutil.dll
2012-09-22 17:02:40 ----A---- C:\windows\system32\urlmon.dll
2012-09-22 17:02:21 ----A---- C:\windows\system32\ieframe.dll
2012-09-22 17:02:17 ----A---- C:\windows\system32\mshtml.dll
2012-09-12 17:50:25 ----A---- C:\windows\system32\drivers\ndis.sys
2012-09-12 17:50:24 ----A---- C:\windows\system32\drivers\RNDISMP.sys
2012-09-12 17:50:20 ----A---- C:\windows\system32\drivers\tcpip.sys
2012-09-12 17:50:19 ----A---- C:\windows\system32\drivers\netio.sys
2012-09-12 17:50:19 ----A---- C:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 17:50:16 ----A---- C:\windows\system32\d3d10level9.dll
2012-09-09 14:59:58 ----D---- C:\Program Files\SCREEN2EXE
2012-09-04 20:33:12 ----D---- C:\ProgramData\McAfee Security Scan
2012-09-04 20:32:56 ----D---- C:\Program Files\McAfee Security Scan
2012-09-04 00:34:38 ----A---- C:\windows\system32\drivers\bthport.sys
2012-09-03 23:40:48 ----A---- C:\windows\system32\srcore.dll
2012-09-03 23:40:37 ----A---- C:\windows\system32\win32k.sys
2012-09-03 23:40:30 ----A---- C:\windows\system32\win32spl.dll
2012-09-03 23:40:29 ----A---- C:\windows\system32\spoolsv.exe
2012-09-03 23:40:23 ----A---- C:\windows\system32\browser.dll
2012-09-03 23:40:22 ----A---- C:\windows\system32\netapi32.dll
2012-09-03 23:40:22 ----A---- C:\windows\system32\browcli.dll
2012-09-03 23:39:30 ----A---- C:\windows\system32\localspl.dll

======List of files/folders modified in the last 1 month======

2012-09-23 14:59:11 ----D---- C:\windows\Temp
2012-09-23 14:58:48 ----RD---- C:\Program Files
2012-09-23 14:48:54 ----D---- C:\ProgramData\VeriFace
2012-09-23 14:38:46 ----D---- C:\windows\tracing
2012-09-23 14:32:07 ----D---- C:\windows\system32\config
2012-09-23 13:50:33 ----D---- C:\Users\Pavol\AppData\Roaming\DMCache
2012-09-23 13:40:04 ----HD---- C:\ProgramData
2012-09-23 10:46:28 ----D---- C:\Windows
2012-09-22 21:25:29 ----D---- C:\windows\system32\drivers
2012-09-22 21:25:27 ----D---- C:\windows\inf
2012-09-22 21:25:26 ----D---- C:\windows\system32\catroot
2012-09-22 21:25:24 ----D---- C:\windows\system32\DriverStore
2012-09-22 21:24:50 ----D---- C:\windows\System32
2012-09-22 21:24:47 ----D---- C:\windows\winsxs
2012-09-22 21:24:23 ----SHD---- C:\System Volume Information
2012-09-22 21:21:15 ----D---- C:\windows\system32\catroot2
2012-09-22 21:11:01 ----SD---- C:\ProgramData\Microsoft
2012-09-22 18:51:36 ----SD---- C:\Users\Pavol\AppData\Roaming\Microsoft
2012-09-22 17:43:58 ----D---- C:\Users\Pavol\AppData\Roaming\VoipDiscount
2012-09-22 17:34:42 ----D---- C:\windows\system32\migration
2012-09-22 17:34:42 ----D---- C:\Program Files\Internet Explorer
2012-09-22 17:14:29 ----D---- C:\Program Files\Ask.com
2012-09-22 17:10:09 ----SHD---- C:\windows\Installer
2012-09-22 17:10:08 ----SHD---- C:\Config.Msi
2012-09-20 23:20:22 ----D---- C:\Users\Pavol\AppData\Roaming\Canon
2012-09-19 20:53:07 ----D---- C:\Users\Pavol\AppData\Roaming\vlc
2012-09-18 07:03:56 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-09-12 23:44:27 ----D---- C:\ProgramData\Microsoft Help
2012-09-12 23:18:42 ----A---- C:\windows\system32\MRT.exe
2012-09-09 18:29:12 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-09-09 14:10:12 ----D---- C:\Program Files\Mozilla Firefox
2012-09-04 20:33:27 ----D---- C:\ProgramData\Adobe
2012-09-04 20:33:02 ----D---- C:\ProgramData\McAfee
2012-09-04 20:32:47 ----D---- C:\windows\Tasks
2012-09-04 20:32:47 ----D---- C:\windows\system32\Tasks
2012-09-04 20:32:42 ----A---- C:\windows\system32\FlashPlayerApp.exe
2012-09-04 20:21:15 ----RSD---- C:\windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2009-05-20 45200]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-04-04 691696]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R2 PfFilter;PfFilter; \??\C:\Program Files\IObit\Protected Folder\pffilter.sys [2011-03-16 32672]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-05-31 260648]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl6.sys [2009-06-30 2505720]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\DRIVERS\btwavdt.sys [2009-07-01 108072]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
R3 Cam5607;Lenovo EasyCamera ; C:\windows\System32\Drivers\BisonC07.sys [2009-07-29 1182320]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2009-07-24 2664032]
R3 mdf16;mdf16; \??\C:\Program Files\Clarus\Samsung SecretZone\mdf16.sys [2010-08-11 18288]
R3 mvd22;mvd22; \??\C:\Program Files\Clarus\Samsung SecretZone\mvd22.sys [2010-08-11 70512]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda32v.sys [2009-08-11 66080]
R3 nvsmu;nvsmu; C:\windows\system32\DRIVERS\nvsmu.sys [2009-07-17 17920]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-07-23 212912]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 al0f9o4c;al0f9o4c; C:\windows\system32\drivers\al0f9o4c.sys []
S3 amdagp;Ovladač filtru AMD portu AGP; C:\windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 esihdrv;esihdrv; \??\C:\Users\Pavol\AppData\Local\Temp\esihdrv.sys []
S3 GemCCID;GemCCID; C:\windows\System32\Drivers\GemCCID.sys [2009-08-10 89600]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102912]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 101248]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-14 229888]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\windows\system32\drivers\RTSTOR.SYS [2009-04-08 64000]
S3 sisagp;Filtr SIS sběrnice AGP; C:\windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 viaagp;Filtr VIA sběrnice AGP; C:\windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WimFltr;WimFltr; C:\windows\system32\DRIVERS\wimfltr.sys [2008-08-06 128104]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 wsvd;wsvd; C:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2009-07-01 582944]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2009-02-23 307200]
R2 DvmMDES;DeviceVM Meta Data Export Service; C:\QSTART.SYS\config\DVMExportService.exe [2009-07-08 323584]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-06 974944]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2009-08-10 211488]
R2 PdfCompressorFtpService;CVISION PdfCompressor Communication Service; C:\Program Files\CVision\PdfCompressor 5.0\ftpsvc.exe [2011-02-25 264704]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R2 SZASSIST;SecretZone Assist Service; C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe [2010-08-30 90112]
R3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CVCompressionService;CVISION PdfCompressor Watched Folder Service; C:\Program Files\CVision\PdfCompressor 5.0\Service\CVCompressionService.exe [2011-02-25 569856]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-03-27 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 250568]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-03-21 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-03-21 79360]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]

-----------------EOF-----------------

[Roli]

Zdravím, tohle fixni v HJT :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Pavol\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Orezávač obrazovky a spúšťač programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe

HJT najdeš zde :

C:\Program Files\trend micro\Pavol.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :

Google Updater Service (gusvc)

McAfee Security Scan Component Host Service

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.


Přes Odebrat programy odinstaluj Spybot - SD který je už za zenitem.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Pak použij Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !!!

[MH112]

Vďaka za bleskovú reakciu, prikladám teda log po úplnej kontrole. Ďakujem

PS: Počítač ide skutočne o poznanie rýchlejšie


Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.0.1400
http://www.malwarebytes.org

Verze databáze: v2012.09.27.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Pavol :: PAVOL-PC [administrátor]

Ochrana: Povolena

28. 9. 2012 16:31:18
mbam-log-2012-09-28 (16-31-18).txt

Typ: Úplná kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická

analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 482714
Uplynulý čas: 7 hodin, 12 minut, 3 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[Roli]

Ještě se podíváme hlouběji, tak pozorně čti protože tenhle softík netoleruje chyby.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[alexandra7]

Pěkná práce...

[MH112]

Dobrý deň Vám prajem, nakoniec pripájam aj log ComboFix-u. Veľká vďaka. Dúfam, že je zatiaľ všetko v poriadku, až na zmazané položky z logu?

ComboFix 12-09-30.01 - Pavol . 09. 2012 22:03:00.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1029.18.1790.650 [GMT 2:00]
Running from: c:\users\Pavol\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
c:\users\Pavol\g2mdlhlpx.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-30 )))))))))))))))))))))))))))))))
.
.
2012-09-30 20:29 . 2012-09-30 20:29 -------- d-----w- c:\users\Pavol\AppData\Local\temp
2012-09-30 20:29 . 2012-09-30 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-30 19:37 . 2012-09-30 19:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{321B109E-DDE4-4401-8999-844B8640BF8B}\offreg.dll
2012-09-28 22:20 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{321B109E-DDE4-4401-8999-844B8640BF8B}\mpengine.dll
2012-09-27 21:35 . 2012-09-27 21:35 -------- d-----w- c:\users\Pavol\AppData\Roaming\Malwarebytes
2012-09-27 21:35 . 2012-09-27 21:35 -------- d-----w- c:\programdata\Malwarebytes
2012-09-27 21:35 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-27 21:35 . 2012-09-27 21:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-27 20:59 . 2012-09-27 20:59 -------- d-----w- c:\program files\CCleaner
2012-09-25 17:52 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 12:58 . 2012-09-27 20:50 -------- d-----w- c:\program files\trend micro
2012-09-23 12:58 . 2012-09-23 13:01 -------- d-----w- C:\rsit
2012-09-22 19:23 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-09-22 15:11 . 2012-09-22 15:11 -------- d-----w- C:\MATS
2012-09-22 15:03 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-22 15:03 . 2012-08-24 07:34 140936 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-22 15:03 . 2012-08-24 06:47 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-09-22 15:03 . 2012-08-24 06:48 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-22 15:03 . 2012-08-24 06:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-12 15:50 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 15:50 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 15:50 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 15:50 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 15:50 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 15:50 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-09 12:59 . 2012-09-09 13:00 -------- d-----w- c:\program files\SCREEN2EXE
2012-09-09 12:10 . 2012-09-09 12:10 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-04 18:33 . 2012-09-04 18:33 -------- d-----w- c:\programdata\McAfee Security Scan
2012-09-04 18:32 . 2012-09-04 18:32 -------- d-----w- c:\program files\McAfee Security Scan
2012-09-03 22:34 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-09-03 21:40 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-09-03 21:40 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-09-03 21:40 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-09-03 21:40 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-09-03 21:40 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-09-03 21:40 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-09-03 21:39 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 18:32 . 2012-04-27 18:51 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-04 18:32 . 2011-09-04 18:24 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-09 12:10 . 2012-04-30 14:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-12-10 18:41 1410312 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-05-26 3220912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-10 13797920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-24 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-23 1537320]
"VeriFaceManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2009-12-10 3122440]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-07-15 4081480]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
"VolPanel"="c:\program files\Creative\USB Sound Blaster\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-06 3076144]
.
c:\users\Pavol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-4-21 823296]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-4-21 65536]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-4-21 102400]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-7-1 795936]
CardOS API.lnk - c:\program files\Siemens\CardOS API\bin\siecacst.exe [2012-3-21 122880]
CVista Monitor.lnk - c:\program files\CVision\License\CVistaMonitor.exe [2011-2-25 775680]
QSign.lnk - c:\program files\Ardaco\QSign\zepapp.exe [2010-5-12 5283328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 CVCompressionService;CVISION PdfCompressor Watched Folder Service;c:\program files\CVision\PdfCompressor 5.0\Service\CVCompressionService.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 esihdrv;esihdrv;c:\users\Pavol\AppData\Local\Temp\esihdrv.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 PdfCompressorFtpService;CVISION PdfCompressor Communication Service;c:\program files\CVision\PdfCompressor 5.0\ftpsvc.exe [x]
S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [x]
S2 SZASSIST;SecretZone Assist Service;c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung SecretZone\mdf16.sys [x]
S3 mvd22;mvd22;c:\program files\Clarus\Samsung SecretZone\mvd22.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 18:32]
.
2010-04-03 c:\windows\Tasks\At1.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2010-04-03 c:\windows\Tasks\At2.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2012-09-30 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]
.
2012-09-23 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-06-01 10:57]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pavol\AppData\Roaming\Mozilla\Firefox\Profiles\5dtrfrpc.default\
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-OwnData2Switch - #owndata20switch.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Memostation - d:\memostation\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"=hex:51,66,7a,6c,4c,1d,38,12,c3,1e,be,
b9,74,87,79,0f,d2,d7,27,f5,b1,a1,11,c4
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a,
36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,
04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"=hex:51,66,7a,6c,4c,1d,38,12,68,40,25,
2b,77,e4,db,02,e0,8b,7a,e8,bc,10,3a,e3
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"=hex:51,66,7a,6c,4c,1d,38,12,c3,1e,ae,
b9,74,87,79,0f,d2,d7,27,f5,b1,a1,11,c4
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F156768E-81EF-470C-9057-481BA8380DBA}"=hex:51,66,7a,6c,4c,1d,38,12,e0,75,45,
f5,dd,cf,62,02,ef,41,0b,5b,ad,66,49,ae
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:70,a1,e4,cc,db,29,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ae,bb,05,e6,fb,48,52,49,84,d3,95,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ae,bb,05,e6,fb,48,52,49,84,d3,95,\
.
[HKEY_USERS\S-1-5-21-2963186513-4255357412-3814946783-1003_Classes\CLSID\{70b973e2-7558-413e-b697-6dda95b4f3f2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000009e
"Therad"=dword:00000011
.
[HKEY_USERS\S-1-5-21-2963186513-4255357412-3814946783-1003_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8b,59,5b,ef,9e,9d,39,ef,a2,f2,ec,e8,e8,70,aa,fc,17,b9,71,12,8a,
8d,03,dc,51,9c,34,f9,99,74,45,fa,60,c3,2b,7a,c4,ff,01,6b,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-30 22:38:00
ComboFix-quarantined-files.txt 2012-09-30 20:37
.
Pre-Run: Volných bajtů: 30 891 851 776
Post-Run: Volných bajtů: 30 879 055 872
.
- - End Of File - - EF4FB8C978E8E978C5FAE830C0D88AE3

[Roli]

Pěkná práce...

Zdravím, byl bych moc rád kdybys nelezl(a) do cizích topiků.

Pokud Ti něco trápí založ si vlastní a tam to můžem probrat.

Dík.

[Roli]

MH112 ještě doladíme

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]  

AtJob::

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[MH112]

Dobrý deň, prikladám teda aj ďalší log, po načítaní skriptu. Je aj tento log viac menej v poriadku?


ComboFix 12-09-30.01 - Pavol . 10. 2012 18:37:51.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1029.18.1790.690 [GMT 2:00]
Running from: c:\users\Pavol\Desktop\ComboFix.exe
Command switches used :: c:\users\Pavol\Desktop\CFScript.txt.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Pavol\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
.
.
((((((((((((((((((((((((( Files Created from 2012-09-01 to 2012-10-01 )))))))))))))))))))))))))))))))
.
.
2012-10-01 17:05 . 2012-10-01 17:05 -------- d-----w- c:\users\Pavol\AppData\Local\temp
2012-10-01 17:05 . 2012-10-01 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-30 19:37 . 2012-09-30 19:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{321B109E-DDE4-4401-8999-844B8640BF8B}\offreg.dll
2012-09-28 22:20 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{321B109E-DDE4-4401-8999-844B8640BF8B}\mpengine.dll
2012-09-27 21:35 . 2012-09-27 21:35 -------- d-----w- c:\users\Pavol\AppData\Roaming\Malwarebytes
2012-09-27 21:35 . 2012-09-27 21:35 -------- d-----w- c:\programdata\Malwarebytes
2012-09-27 21:35 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-27 21:35 . 2012-09-27 21:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-27 20:59 . 2012-09-27 20:59 -------- d-----w- c:\program files\CCleaner
2012-09-25 17:52 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 12:58 . 2012-09-27 20:50 -------- d-----w- c:\program files\trend micro
2012-09-23 12:58 . 2012-09-23 13:01 -------- d-----w- C:\rsit
2012-09-22 19:23 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-09-22 15:11 . 2012-09-22 15:11 -------- d-----w- C:\MATS
2012-09-22 15:03 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-22 15:03 . 2012-08-24 07:34 140936 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-22 15:03 . 2012-08-24 06:47 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-09-22 15:03 . 2012-08-24 06:48 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-22 15:03 . 2012-08-24 06:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-12 15:50 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 15:50 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 15:50 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 15:50 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 15:50 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 15:50 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-09 12:59 . 2012-09-09 13:00 -------- d-----w- c:\program files\SCREEN2EXE
2012-09-09 12:10 . 2012-09-09 12:10 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-04 18:33 . 2012-09-04 18:33 -------- d-----w- c:\programdata\McAfee Security Scan
2012-09-04 18:32 . 2012-09-04 18:32 -------- d-----w- c:\program files\McAfee Security Scan
2012-09-03 22:34 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-09-03 21:40 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-09-03 21:40 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-09-03 21:40 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-09-03 21:40 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-09-03 21:40 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-09-03 21:40 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-09-03 21:39 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 18:32 . 2012-04-27 18:51 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-04 18:32 . 2011-09-04 18:24 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-09 12:10 . 2012-04-30 14:51 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-12-10 18:41 1410312 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-05-26 3220912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-10 13797920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-24 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-23 1537320]
"VeriFaceManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2009-12-10 3122440]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-07-15 4081480]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
"VolPanel"="c:\program files\Creative\USB Sound Blaster\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-06 3076144]
.
c:\users\Pavol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-4-21 823296]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-4-21 65536]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-4-21 102400]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-7-1 795936]
CardOS API.lnk - c:\program files\Siemens\CardOS API\bin\siecacst.exe [2012-3-21 122880]
CVista Monitor.lnk - c:\program files\CVision\License\CVistaMonitor.exe [2011-2-25 775680]
QSign.lnk - c:\program files\Ardaco\QSign\zepapp.exe [2010-5-12 5283328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 CVCompressionService;CVISION PdfCompressor Watched Folder Service;c:\program files\CVision\PdfCompressor 5.0\Service\CVCompressionService.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 esihdrv;esihdrv;c:\users\Pavol\AppData\Local\Temp\esihdrv.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\qstart.sys\config\DVMExportService.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 PdfCompressorFtpService;CVISION PdfCompressor Communication Service;c:\program files\CVision\PdfCompressor 5.0\ftpsvc.exe [x]
S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [x]
S2 SZASSIST;SecretZone Assist Service;c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung SecretZone\mdf16.sys [x]
S3 mvd22;mvd22;c:\program files\Clarus\Samsung SecretZone\mvd22.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 18:32]
.
2010-04-03 c:\windows\Tasks\At1.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2010-04-03 c:\windows\Tasks\At2.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2012-09-30 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pavol\AppData\Roaming\Mozilla\Firefox\Profiles\5dtrfrpc.default\
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"=hex:51,66,7a,6c,4c,1d,38,12,c3,1e,be,
b9,74,87,79,0f,d2,d7,27,f5,b1,a1,11,c4
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,38,12,c2,99,1a,
36,00,8f,58,04,e1,8c,0d,76,4f,1c,0a,03
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,
04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"=hex:51,66,7a,6c,4c,1d,38,12,68,40,25,
2b,77,e4,db,02,e0,8b,7a,e8,bc,10,3a,e3
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"=hex:51,66,7a,6c,4c,1d,38,12,c3,1e,ae,
b9,74,87,79,0f,d2,d7,27,f5,b1,a1,11,c4
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F156768E-81EF-470C-9057-481BA8380DBA}"=hex:51,66,7a,6c,4c,1d,38,12,e0,75,45,
f5,dd,cf,62,02,ef,41,0b,5b,ad,66,49,ae
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:70,a1,e4,cc,db,29,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ae,bb,05,e6,fb,48,52,49,84,d3,95,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ae,bb,05,e6,fb,48,52,49,84,d3,95,\
.
[HKEY_USERS\S-1-5-21-2963186513-4255357412-3814946783-1003_Classes\CLSID\{70b973e2-7558-413e-b697-6dda95b4f3f2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000009e
"Therad"=dword:00000011
.
[HKEY_USERS\S-1-5-21-2963186513-4255357412-3814946783-1003_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8b,59,5b,ef,9e,9d,39,ef,a2,f2,ec,e8,e8,70,aa,fc,17,b9,71,12,8a,
8d,03,dc,51,9c,34,f9,99,74,45,fa,60,c3,2b,7a,c4,ff,01,6b,00,00,00,00,00,00,\
.
Completion time: 2012-10-01 19:14:50
ComboFix-quarantined-files.txt 2012-10-01 17:14
ComboFix2.txt 2012-09-30 20:38
.
Pre-Run: Volných bajtů: 30 875 684 864
Post-Run: Volných bajtů: 40 671 649 792
.
- - End Of File - - 83C4E08A8A511E9EE247D6FEA40F714A

[Roli]

Už je to skoro v pořádku.


Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


No a poslední věc stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\tasks\At*.job /s

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\

[MH112]

Dobrý večer, obsah logu po reštartovaní, prikladám nižšie. Je to aktuálne plne v poriadku? Veľká vďaka


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pavol
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5882679 bytes
->Java cache emptied: 31482167 bytes
->FireFox cache emptied: 61381125 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 94,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 10012012_234740

[Roli]

Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.


No a pokud již není s PC žádný problém je to z mé strany vše