
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Some kind of vermin in my computer
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
This morning I had some problems with the firewall in Windows. On top of that, my Wi-Fi connection and Chrome started acting up.
Everything is fine now, except that the acute accent and the caron come out doubled when I type ´´ˇˇ
Thank you for your advice and help.
Jules
I am attaching the log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Jules_S at 2013-01-29 11:35:33
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 69 GB (39%) free of 177 GB
Total RAM: 2937 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:35:51, on 29.1.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\calc.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\mobsync.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jules_S\Downloads\RSIT.exe
C:\Program Files\trend micro\Jules_S.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jules_S\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Ernesewuw] C:\Users\Jules_S\AppData\Roaming\Nool\onvyo.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
--
End of file - 13510 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\Defraggler Volume C Task.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082645742-2992053515-505463329-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082645742-2992053515-505463329-1003UA.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\SystemToolsDailyTest.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Jules_S\AppData\Roaming\Mozilla\Firefox\Profiles\wpaal7g9.default-1350072476478
prefs.js - "browser.startup.homepage" - "http://www.bing.com/"
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=C:\Program Files\Web Assistant\Firefox
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npwachk.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-24 449512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2011-06-10 767288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-24 155384]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-02-25 8522272]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-08-07 186904]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2012-09-20 186248]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-08 174104]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-08 151064]
"PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor []
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28 49976]
"AcWin7Hlpr"=C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [2012-09-07 63376]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2012-01-16 44096]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2011-06-10 3110200]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12 947176]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Jules_S\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 136176]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2008-10-24 79136]
"BingWallpaperDownloader"= []
"Ernesewuw"=C:\Users\Jules_S\AppData\Roaming\Nool\onvyo.exe [2011-02-15 200704]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-08-13 217088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2012-09-21 100712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ACGina
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2013-01-29 11:35:34 ----D---- C:\Program Files\trend micro
2013-01-29 11:35:33 ----D---- C:\rsit
2013-01-28 19:55:05 ----D---- C:\Users\Jules_S\AppData\Roaming\Ypces
2013-01-28 19:55:05 ----D---- C:\Users\Jules_S\AppData\Roaming\Ycroi
2013-01-28 19:55:05 ----D---- C:\Users\Jules_S\AppData\Roaming\Nool
2013-01-25 14:52:05 ----D---- C:\Program Files\Mozilla Firefox
2013-01-11 18:19:41 ----D---- C:\Program Files\Common Files\Skype
2013-01-11 18:19:32 ----RD---- C:\Program Files\Skype
2013-01-09 09:25:57 ----N---- C:\Windows\system32\win32k.sys
2013-01-09 09:25:56 ----N---- C:\Windows\system32\usp10.dll
2013-01-09 09:25:40 ----N---- C:\Windows\system32\taskhost.exe
2013-01-09 09:25:39 ----N---- C:\Windows\system32\ncrypt.dll
2013-01-09 09:25:22 ----N---- C:\Windows\system32\KernelBase.dll
2013-01-09 09:25:21 ----N---- C:\Windows\system32\winsrv.dll
2013-01-09 09:25:21 ----N---- C:\Windows\system32\kernel32.dll
2013-01-09 09:25:21 ----N---- C:\Windows\system32\conhost.exe
2013-01-09 09:25:20 ----H---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 09:25:20 ----H---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 09:25:20 ----H---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 09:25:18 ----H---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 09:25:18 ----H---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 09:25:18 ----H---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 09:25:03 ----N---- C:\Windows\system32\msxml6.dll
2013-01-09 09:24:54 ----N---- C:\Windows\system32\Wpc.dll
2013-01-09 09:24:54 ----N---- C:\Windows\system32\gameux.dll
2013-01-09 09:24:34 ----N---- C:\Windows\system32\win32spl.dll
2013-01-08 19:17:17 ----D---- C:\Users\Jules_S\AppData\Roaming\AdobeUM
2013-01-05 11:52:20 ----N---- C:\Windows\system32\SynTPCo14.dll
2013-01-05 11:52:20 ----N---- C:\Windows\system32\SynTPAPI.dll
2013-01-05 11:52:20 ----N---- C:\Windows\system32\drivers\SynTP.sys
2013-01-05 11:52:18 ----N---- C:\Windows\system32\drivers\Smb_driver_Intel.sys
2013-01-05 11:51:35 ----N---- C:\Windows\system32\tpinspm.dll
2013-01-05 11:51:35 ----N---- C:\Windows\system32\ibmpmsvc.exe
2013-01-05 11:51:35 ----N---- C:\Windows\system32\ibmpmctl.exe
2013-01-05 11:51:35 ----N---- C:\Windows\system32\drivers\ibmpmdrv.sys
======List of files/folders modified in the last 1 month======
2013-01-29 11:35:46 ----D---- C:\Windows\Prefetch
2013-01-29 11:35:34 ----RD---- C:\Program Files
2013-01-29 11:35:13 ----D---- C:\Windows\Temp
2013-01-29 09:11:40 ----D---- C:\Windows\system32\config
2013-01-29 08:53:40 ----D---- C:\Windows\System32
2013-01-29 08:53:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-29 08:53:39 ----D---- C:\Windows\inf
2013-01-28 20:31:20 ----D---- C:\Windows\system32\Tasks
2013-01-28 20:19:05 ----D---- C:\ProgramData\PCDr
2013-01-28 19:55:19 ----SD---- C:\Users\Jules_S\AppData\Roaming\Microsoft
2013-01-27 21:00:00 ----SHD---- C:\System Volume Information
2013-01-27 20:02:34 ----D---- C:\Program Files\Defraggler
2013-01-27 07:42:19 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-01-26 13:37:54 ----D---- C:\Program Files\Opera
2013-01-25 20:28:19 ----D---- C:\Windows\system32\NDF
2013-01-25 12:02:59 ----D---- C:\swshare
2013-01-22 21:44:19 -------- C:\Users\Jules_S\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-01-21 15:25:54 ----D---- C:\Windows
2013-01-19 23:11:12 ----D---- C:\Windows\system32\catroot2
2013-01-15 21:59:19 ----D---- C:\Users\Jules_S\AppData\Roaming\Winamp
2013-01-15 21:58:18 ----D---- C:\Windows\Logs
2013-01-15 21:58:18 ----D---- C:\Windows\debug
2013-01-15 15:06:24 ----D---- C:\Program Files\CCleaner
2013-01-12 18:36:22 ----D---- C:\Windows\rescache
2013-01-11 18:38:28 ----D---- C:\Users\Jules_S\AppData\Roaming\Skype
2013-01-11 18:19:48 ----SHD---- C:\Windows\Installer
2013-01-11 18:19:48 ----D---- C:\Program Files\Windows Live
2013-01-11 18:19:47 ----SHD---- C:\Config.Msi
2013-01-11 18:19:47 ----D---- C:\ProgramData\Skype
2013-01-11 18:19:41 ----D---- C:\Program Files\Common Files
2013-01-10 19:25:12 ----N---- C:\Windows\system32\FlashPlayerApp.exe
2013-01-10 12:32:50 ----D---- C:\Windows\Microsoft.NET
2013-01-10 12:32:49 ----RSD---- C:\Windows\assembly
2013-01-09 12:29:06 ----D---- C:\Windows\winsxs
2013-01-09 12:26:11 ----D---- C:\Windows\system32\cs-CZ
2013-01-09 09:26:32 ----N---- C:\Windows\system32\MRT.exe
2013-01-09 09:24:58 ----D---- C:\Windows\system32\catroot
2013-01-09 00:13:16 ----D---- C:\Program Files\Common Files\Adobe
2013-01-08 19:25:52 ----D---- C:\Program Files\Adobe
2013-01-08 19:25:50 ----RSD---- C:\Windows\Fonts
2013-01-05 12:15:55 ----D---- C:\Windows\system32\drivers
2013-01-05 11:52:42 ----D---- C:\Windows\system32\DriverStore
2013-01-05 11:50:43 ----RSD---- C:\Windows\Media
2013-01-05 08:33:54 ----D---- C:\Program Files\iTV
2012-12-31 08:38:30 ----D---- C:\Program Files\Winamp
2012-12-31 08:35:25 ----D---- C:\Program Files\Winamp Detect
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-08-07 330264]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-08-30 193552]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx86.sys [2012-07-23 129384]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM86.sys [2011-12-28 22344]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [2012-09-24 18280]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 99272]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 11976]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2009-06-18 125568]
R3 AMPPAL;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® + High Speed; C:\Windows\system32\DRIVERS\AMPPAL.sys [2012-03-15 143360]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2012-12-05 36040]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-08-13 5946368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-02-25 3026592]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2010-12-13 144472]
R3 NETwNs32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit; C:\Windows\system32\DRIVERS\Netwsn00.sys [2012-06-03 10364416]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2011-12-27 33080]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-10-17 38200]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2012-10-17 347448]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® + High Speed; C:\Windows\system32\DRIVERS\amppal.sys [2012-03-15 143360]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-01 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-09-12 49664]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-07-23 102912]
S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 100736]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit; C:\Windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 49664]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2009-07-14 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcPrfMgrSvc;AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [2012-09-07 133008]
R2 AcSvc;AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [2012-09-07 272272]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-15 509448]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-04-23 104208]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2009-07-02 582944]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2012-06-25 500016]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-08-07 354840]
R2 IBMPMSVC;Lenovo PM Service; C:\Windows\system32\ibmpmsvc.exe [2012-12-05 51056]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2012-01-16 43584]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-01-16 62016]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 20472]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2012-06-25 108336]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2011-06-10 1033528]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 287824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-10 251400]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-25 115608]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-06-25 241968]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2012-09-24 1666112]
S3 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [2012-09-24 1665088]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2012-11-23 21416]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG.exe [2011-12-28 41800]
S3 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2010-07-06 1475896]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-11 1343400]
-----------------EOF-----------------
Everything is fine except that I type the acute accent and carons doubled ´´ˇˇ
Thank you for your advice and help.
Jules
I'm posting the log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Jules_S at 2013-01-29 11:35:33
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 69 GB (39%) free of 177 GB
Total RAM: 2937 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:35:51, on 29.1.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\calc.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\mobsync.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jules_S\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jules_S\Downloads\RSIT.exe
C:\Program Files\trend micro\Jules_S.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jules_S\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Ernesewuw] C:\Users\Jules_S\AppData\Roaming\Nool\onvyo.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
--
End of file - 13510 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\Defraggler Volume C Task.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082645742-2992053515-505463329-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082645742-2992053515-505463329-1003UA.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\SystemToolsDailyTest.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Jules_S\AppData\Roaming\Mozilla\Firefox\Profiles\wpaal7g9.default-1350072476478
prefs.js - "browser.startup.homepage" - "http://www.bing.com/"
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=C:\Program Files\Web Assistant\Firefox
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npwachk.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-24 449512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2011-06-10 767288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-24 155384]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-02-25 8522272]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-08-07 186904]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2012-09-20 186248]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-08 174104]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-08 151064]
"PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor []
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28 49976]
"AcWin7Hlpr"=C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [2012-09-07 63376]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2012-01-16 44096]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2011-06-10 3110200]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12 947176]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Jules_S\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 136176]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2008-10-24 79136]
"BingWallpaperDownloader"= []
"Ernesewuw"=C:\Users\Jules_S\AppData\Roaming\Nool\onvyo.exe [2011-02-15 200704]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-08-13 217088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2012-09-21 100712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ACGina
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2013-01-29 11:35:34 ----D---- C:\Program Files\trend micro
2013-01-29 11:35:33 ----D---- C:\rsit
2013-01-28 19:55:05 ----D---- C:\Users\Jules_S\AppData\Roaming\Ypces
2013-01-28 19:55:05 ----D---- C:\Users\Jules_S\AppData\Roaming\Ycroi
2013-01-28 19:55:05 ----D---- C:\Users\Jules_S\AppData\Roaming\Nool
2013-01-25 14:52:05 ----D---- C:\Program Files\Mozilla Firefox
2013-01-11 18:19:41 ----D---- C:\Program Files\Common Files\Skype
2013-01-11 18:19:32 ----RD---- C:\Program Files\Skype
2013-01-09 09:25:57 ----N---- C:\Windows\system32\win32k.sys
2013-01-09 09:25:56 ----N---- C:\Windows\system32\usp10.dll
2013-01-09 09:25:40 ----N---- C:\Windows\system32\taskhost.exe
2013-01-09 09:25:39 ----N---- C:\Windows\system32\ncrypt.dll
2013-01-09 09:25:22 ----N---- C:\Windows\system32\KernelBase.dll
2013-01-09 09:25:21 ----N---- C:\Windows\system32\winsrv.dll
2013-01-09 09:25:21 ----N---- C:\Windows\system32\kernel32.dll
2013-01-09 09:25:21 ----N---- C:\Windows\system32\conhost.exe
2013-01-09 09:25:20 ----H---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 09:25:20 ----H---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 09:25:20 ----H---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 09:25:19 ----H---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 09:25:18 ----H---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 09:25:18 ----H---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 09:25:18 ----H---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 09:25:03 ----N---- C:\Windows\system32\msxml6.dll
2013-01-09 09:24:54 ----N---- C:\Windows\system32\Wpc.dll
2013-01-09 09:24:54 ----N---- C:\Windows\system32\gameux.dll
2013-01-09 09:24:34 ----N---- C:\Windows\system32\win32spl.dll
2013-01-08 19:17:17 ----D---- C:\Users\Jules_S\AppData\Roaming\AdobeUM
2013-01-05 11:52:20 ----N---- C:\Windows\system32\SynTPCo14.dll
2013-01-05 11:52:20 ----N---- C:\Windows\system32\SynTPAPI.dll
2013-01-05 11:52:20 ----N---- C:\Windows\system32\drivers\SynTP.sys
2013-01-05 11:52:18 ----N---- C:\Windows\system32\drivers\Smb_driver_Intel.sys
2013-01-05 11:51:35 ----N---- C:\Windows\system32\tpinspm.dll
2013-01-05 11:51:35 ----N---- C:\Windows\system32\ibmpmsvc.exe
2013-01-05 11:51:35 ----N---- C:\Windows\system32\ibmpmctl.exe
2013-01-05 11:51:35 ----N---- C:\Windows\system32\drivers\ibmpmdrv.sys
======List of files/folders modified in the last 1 month======
2013-01-29 11:35:46 ----D---- C:\Windows\Prefetch
2013-01-29 11:35:34 ----RD---- C:\Program Files
2013-01-29 11:35:13 ----D---- C:\Windows\Temp
2013-01-29 09:11:40 ----D---- C:\Windows\system32\config
2013-01-29 08:53:40 ----D---- C:\Windows\System32
2013-01-29 08:53:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-29 08:53:39 ----D---- C:\Windows\inf
2013-01-28 20:31:20 ----D---- C:\Windows\system32\Tasks
2013-01-28 20:19:05 ----D---- C:\ProgramData\PCDr
2013-01-28 19:55:19 ----SD---- C:\Users\Jules_S\AppData\Roaming\Microsoft
2013-01-27 21:00:00 ----SHD---- C:\System Volume Information
2013-01-27 20:02:34 ----D---- C:\Program Files\Defraggler
2013-01-27 07:42:19 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-01-26 13:37:54 ----D---- C:\Program Files\Opera
2013-01-25 20:28:19 ----D---- C:\Windows\system32\NDF
2013-01-25 12:02:59 ----D---- C:\swshare
2013-01-22 21:44:19 -------- C:\Users\Jules_S\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-01-21 15:25:54 ----D---- C:\Windows
2013-01-19 23:11:12 ----D---- C:\Windows\system32\catroot2
2013-01-15 21:59:19 ----D---- C:\Users\Jules_S\AppData\Roaming\Winamp
2013-01-15 21:58:18 ----D---- C:\Windows\Logs
2013-01-15 21:58:18 ----D---- C:\Windows\debug
2013-01-15 15:06:24 ----D---- C:\Program Files\CCleaner
2013-01-12 18:36:22 ----D---- C:\Windows\rescache
2013-01-11 18:38:28 ----D---- C:\Users\Jules_S\AppData\Roaming\Skype
2013-01-11 18:19:48 ----SHD---- C:\Windows\Installer
2013-01-11 18:19:48 ----D---- C:\Program Files\Windows Live
2013-01-11 18:19:47 ----SHD---- C:\Config.Msi
2013-01-11 18:19:47 ----D---- C:\ProgramData\Skype
2013-01-11 18:19:41 ----D---- C:\Program Files\Common Files
2013-01-10 19:25:12 ----N---- C:\Windows\system32\FlashPlayerApp.exe
2013-01-10 12:32:50 ----D---- C:\Windows\Microsoft.NET
2013-01-10 12:32:49 ----RSD---- C:\Windows\assembly
2013-01-09 12:29:06 ----D---- C:\Windows\winsxs
2013-01-09 12:26:11 ----D---- C:\Windows\system32\cs-CZ
2013-01-09 09:26:32 ----N---- C:\Windows\system32\MRT.exe
2013-01-09 09:24:58 ----D---- C:\Windows\system32\catroot
2013-01-09 00:13:16 ----D---- C:\Program Files\Common Files\Adobe
2013-01-08 19:25:52 ----D---- C:\Program Files\Adobe
2013-01-08 19:25:50 ----RSD---- C:\Windows\Fonts
2013-01-05 12:15:55 ----D---- C:\Windows\system32\drivers
2013-01-05 11:52:42 ----D---- C:\Windows\system32\DriverStore
2013-01-05 11:50:43 ----RSD---- C:\Windows\Media
2013-01-05 08:33:54 ----D---- C:\Program Files\iTV
2012-12-31 08:38:30 ----D---- C:\Program Files\Winamp
2012-12-31 08:35:25 ----D---- C:\Program Files\Winamp Detect
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-08-07 330264]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-08-30 193552]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx86.sys [2012-07-23 129384]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM86.sys [2011-12-28 22344]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [2012-09-24 18280]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 99272]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 11976]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2009-06-18 125568]
R3 AMPPAL;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® + High Speed; C:\Windows\system32\DRIVERS\AMPPAL.sys [2012-03-15 143360]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2012-12-05 36040]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-08-13 5946368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-02-25 3026592]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2010-12-13 144472]
R3 NETwNs32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit; C:\Windows\system32\DRIVERS\Netwsn00.sys [2012-06-03 10364416]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2011-12-27 33080]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-10-17 38200]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2012-10-17 347448]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® + High Speed; C:\Windows\system32\DRIVERS\amppal.sys [2012-03-15 143360]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-01 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-09-12 49664]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-07-23 102912]
S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 100736]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit; C:\Windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 49664]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2009-07-14 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcPrfMgrSvc;AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [2012-09-07 133008]
R2 AcSvc;AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [2012-09-07 272272]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-15 509448]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-04-23 104208]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2009-07-02 582944]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2012-06-25 500016]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-08-07 354840]
R2 IBMPMSVC;Lenovo PM Service; C:\Windows\system32\ibmpmsvc.exe [2012-12-05 51056]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2012-01-16 43584]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-01-16 62016]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 20472]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2012-06-25 108336]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2011-06-10 1033528]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 287824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-10 251400]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-25 115608]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-06-25 241968]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2012-09-24 1666112]
S3 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [2012-09-24 1665088]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2012-11-23 21416]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG.exe [2011-12-28 41800]
S3 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2010-07-06 1475896]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-11 1343400]
-----------------EOF-----------------
Re: Some vermin in my computer
Hello,
Download RKill: http://download.bleepingcomputer.com/grinler/rkill.com
Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- If the malware blocks it, use one of the following, including the renamed ones
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe
Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe
Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
- Save it, preferably to the desktop, and close all applications (otherwise RKill will do it for you)
- Run it the usual way with a double-click; the program finishes within a few seconds and then exits on its own
- RKill terminates all non-system processes, including the processes the malware runs under
- A log named Rkill.txt will appear on the desktop; paste it here for me
- Do not restart the PC now; you would lose the effect of RKill

- Turn off all resident security programs: firewalls, antivirus, antispyware, etc.
- If you have Win XP, run it under an Administrator account
- If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
- Right after it starts, a page with the license agreement is displayed; continue by clicking Yes (Ano)
- If CF offers to install the Recovery Console, agree
- Then follow the instructions; during the scan leave the PC completely alone: do not start any applications and do not click in the window that is displayed
- The scan should take about 10 minutes, but if the PC is heavily clogged, it may take longer
- After the scan finishes and a possible restart, CF displays a log; alternatively you will find it at C:\ComboFix.txt; paste its contents here
- The detailed procedure, including pictures, is here: http://www.bleepingcomputer.com/combofi ... t-combofix
Re: Some vermin in my computer
Rkill log:
Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 01/29/2013 04:46:50 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 01/29/2013 04:47:33 PM
Execution time: 0 hours(s), 0 minute(s), and 43 seconds(s)
Re: Some vermin in my computer
ComboFix log:
ComboFix 13-01-29.01 - Jules_S 29.01.2013 16:55:06.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2937.1652 [GMT 1:00]
Spuštěný z: c:\users\Jules_S\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\MLPS\apps\csbed\CSBE\ACTIVATION_104\_desktop.ini
c:\program files\MLPS\apps\csbed\CSBE\ACTIVATION_104\BIN\_desktop.ini
c:\programdata\Roaming
c:\users\Jules_S\AppData\Roaming\Nool
c:\users\Jules_S\AppData\Roaming\Nool\onvyo.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\SET1AE0.tmp
c:\windows\system32\SET348A.tmp
c:\windows\system32\SET73A5.tmp
c:\windows\system32\SET74CE.tmp
c:\windows\system32\SETAD02.tmp
c:\windows\system32\SETAE1C.tmp
c:\windows\system32\SETC40B.tmp
c:\windows\system32\SETC4E6.tmp
c:\windows\system32\SETC889.tmp
c:\windows\system32\SETDA33.tmp
c:\windows\system32\Thumbs.db
c:\windows\wininit.ini
E:\Autorun.inf
Q:\autorun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-28 do 2013-01-29 )))))))))))))))))))))))))))))))
.
.
2013-01-29 16:10 . 2013-01-29 16:15 -------- d-----w- c:\users\Jules_S\AppData\Local\temp
2013-01-29 10:35 . 2013-01-29 10:35 -------- d-----w- c:\program files\trend micro
2013-01-29 10:35 . 2013-01-29 10:35 -------- d-----w- C:\rsit
2013-01-29 08:01 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A567B202-B78C-4A63-B606-6E5ED6B4CE3A}\mpengine.dll
2013-01-28 18:55 . 2013-01-29 00:56 -------- d-----w- c:\users\Jules_S\AppData\Roaming\Ycroi
2013-01-28 18:55 . 2013-01-28 18:55 -------- d-----w- c:\users\Jules_S\AppData\Roaming\Ypces
2013-01-27 19:22 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-11 17:19 . 2013-01-11 17:19 -------- d-----w- c:\program files\Common Files\Skype
2013-01-11 17:19 . 2013-01-11 17:19 -------- d-----r- c:\program files\Skype
2013-01-09 08:24 . 2012-12-07 12:26 308736 ------w- c:\windows\system32\Wpc.dll
2013-01-08 18:17 . 2013-01-08 18:17 -------- d-----w- c:\users\Jules_S\AppData\Roaming\AdobeUM
2013-01-05 10:52 . 2012-10-17 22:21 347448 ------w- c:\windows\system32\drivers\SynTP.sys
2013-01-05 10:52 . 2012-10-17 22:21 175416 ------w- c:\windows\system32\SynTPAPI.dll
2013-01-05 10:52 . 2012-10-17 22:21 142648 ------w- c:\windows\system32\SynTPCo14.dll
2013-01-05 10:52 . 2012-10-17 22:21 38200 ------w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2013-01-05 10:51 . 2012-12-05 20:05 51056 ------w- c:\windows\system32\ibmpmsvc.exe
2013-01-05 10:51 . 2012-12-05 20:05 36208 ------w- c:\windows\system32\tpinspm.dll
2013-01-05 10:51 . 2012-12-05 20:05 36040 ------w- c:\windows\system32\drivers\ibmpmdrv.sys
2013-01-05 10:51 . 2012-12-05 20:05 72048 ------w- c:\windows\system32\ibmpmctl.exe
2013-01-05 08:26 . 2013-01-05 08:32 -------- d-----w- c:\users\Jules_S\.freeguide
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 18:25 . 2012-04-18 21:22 697864 ------w- c:\windows\system32\FlashPlayerApp.exe
2013-01-10 18:25 . 2011-05-13 17:18 74248 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-20 09:01 . 2012-06-09 09:51 483952 ------w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-12-16 14:13 . 2012-12-21 13:50 295424 ------w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 13:50 34304 ------w- c:\windows\system32\atmlib.dll
2012-11-28 22:47 . 2012-11-28 22:47 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C3ECF72-DC50-4FD3-855D-66D3DE1970F1}\gapaengine.dll
2012-11-14 02:09 . 2012-12-14 02:04 1800704 ------w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-14 02:04 1427968 ------w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 02:04 1129472 ------w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-14 02:04 142848 ------w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 02:04 420864 ------w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-14 02:04 2382848 ------w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-13 07:38 2048 ------w- c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-13 07:38 376832 ------w- c:\windows\system32\dpnet.dll
2013-01-25 13:52 . 2013-01-25 13:52 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-14 20:26 222712 ------w- c:\users\Jules_S\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-14 20:26 222712 ------w- c:\users\Jules_S\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-14 20:26 222712 ------w- c:\users\Jules_S\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-25 8522272]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2012-09-20 186248]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 151064]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-09-24 4446784]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2012-09-07 63376]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 3110200]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2012-09-21 11:48 100712 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 AMPPAL;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETwNs32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\Netwsn00.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 18:25]
.
2013-01-27 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2012-12-08 14:20]
.
2013-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082645742-2992053515-505463329-1003Core.job
- c:\users\Jules_S\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 20:38]
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082645742-2992053515-505463329-1003UA.job
- c:\users\Jules_S\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 20:38]
.
2013-01-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2013-01-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.bing.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Jules_S\AppData\Roaming\Mozilla\Firefox\Profiles\wpaal7g9.default-1350072476478\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-BingWallpaperDownloader - (no file)
HKCU-Run-Ernesewuw - c:\users\Jules_S\AppData\Roaming\Nool\onvyo.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(640)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(5988)
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\WUDFHost.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\conhost.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\windows\system32\igfxext.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\RunDll32.exe
.
**************************************************************************
.
Celkový čas: 2013-01-29 17:27:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-29 16:27
.
Před spuštěním: Volných bajtů: 72 140 955 648
Po spuštění: Volných bajtů: 71 837 908 992
.
- - End Of File - - 14A100165918669BFEB44590F0732BDD
Re: Some vermin in the computer
Typing ´ˇ works fine now.
Thanks for letting me know whether I should delete anything else, or was it onvy.exe?
Thanks.
Re: Some vermin in the computer


- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
KillAll::

Folder::
c:\users\Jules_S\AppData\Roaming\Ycroi
c:\users\Jules_S\AppData\Roaming\Ypces

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Message Center Plus"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"FirewallOverride"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"UacDisableNotify"=dword:00000000

DDS::
uStart Page = hxxp://www.bing.com/

Firefox::
FF - ProfilePath - c:\users\Jules_S\AppData\Roaming\Mozilla\Firefox\Profiles\wpaal7g9.default-1350072476478\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

File::
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\Defraggler Volume C Task.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082645742-2992053515-505463329-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082645742-2992053515-505463329-1003UA.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\SystemToolsDailyTest.job

ClearJavaCache::

Reboot::
- Save the resulting TXT file as CFScript.txt
- Drag the created CFScript.txt onto ComboFix and drop it (see the image below)
- After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here


Re: Some vermin in the computer
I didn't run away, I was just cooking dinner. The antivirus cleaned some things out and I uninstalled Java.
The ComboFix re-run completed fine, and here is the log:
ComboFix 13-01-29.01 - Jules_S 29.01.2013 20:17:59.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2937.1799 [GMT 1:00]
Spuštěný z: c:\users\Jules_S\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jules_S\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\Defraggler Volume C Task.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082645742-2992053515-505463329-1003Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082645742-2992053515-505463329-1003UA.job"
"c:\windows\tasks\PCDoctorBackgroundMonitorTask.job"
"c:\windows\tasks\SystemToolsDailyTest.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
c:\users\Jules_S\AppData\Roaming\Ycroi
c:\users\Jules_S\AppData\Roaming\Ypces
c:\users\Jules_S\AppData\Roaming\Ypces\ufleh.onn
c:\windows\tasks\Adobe Flash Player Updater.job
c:\windows\tasks\Defraggler Volume C Task.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082645742-2992053515-505463329-1003Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3082645742-2992053515-505463329-1003UA.job
c:\windows\tasks\PCDoctorBackgroundMonitorTask.job
c:\windows\tasks\SystemToolsDailyTest.job
E:\Autorun.inf
E:\fjfbd.pif
E:\lwas.exe
Q:\autorun.inf
Q:\osud.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-28 do 2013-01-29 )))))))))))))))))))))))))))))))
.
.
2013-01-29 19:28 . 2013-01-29 19:30 -------- d-----w- c:\users\Jules_S\AppData\Local\temp
2013-01-29 19:28 . 2013-01-29 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-29 19:16 . 2013-01-29 19:16 103140 --sh--r- C:\rlrvi.exe
2013-01-29 17:54 . 2013-01-29 17:54 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95A878EB-E1C7-4C2D-AB46-2138B90B10BB}\MpKsl1de60098.sys
2013-01-29 17:53 . 2013-01-29 17:53 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95A878EB-E1C7-4C2D-AB46-2138B90B10BB}\offreg.dll
2013-01-29 16:41 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95A878EB-E1C7-4C2D-AB46-2138B90B10BB}\mpengine.dll
2013-01-29 10:35 . 2013-01-29 10:35 -------- d-----w- c:\program files\trend micro
2013-01-29 10:35 . 2013-01-29 10:35 -------- d-----w- C:\rsit
2013-01-27 19:22 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-11 17:19 . 2013-01-11 17:19 -------- d-----w- c:\program files\Common Files\Skype
2013-01-11 17:19 . 2013-01-11 17:19 -------- d-----r- c:\program files\Skype
2013-01-09 08:24 . 2012-12-07 12:26 308736 ------w- c:\windows\system32\Wpc.dll
2013-01-08 18:17 . 2013-01-08 18:17 -------- d-----w- c:\users\Jules_S\AppData\Roaming\AdobeUM
2013-01-05 10:52 . 2012-10-17 22:21 347448 ------w- c:\windows\system32\drivers\SynTP.sys
2013-01-05 10:52 . 2012-10-17 22:21 175416 ------w- c:\windows\system32\SynTPAPI.dll
2013-01-05 10:52 . 2012-10-17 22:21 142648 ------w- c:\windows\system32\SynTPCo14.dll
2013-01-05 10:52 . 2012-10-17 22:21 38200 ------w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2013-01-05 10:51 . 2012-12-05 20:05 51056 ------w- c:\windows\system32\ibmpmsvc.exe
2013-01-05 10:51 . 2012-12-05 20:05 36208 ------w- c:\windows\system32\tpinspm.dll
2013-01-05 10:51 . 2012-12-05 20:05 36040 ------w- c:\windows\system32\drivers\ibmpmdrv.sys
2013-01-05 10:51 . 2012-12-05 20:05 72048 ------w- c:\windows\system32\ibmpmctl.exe
2013-01-05 08:26 . 2013-01-05 08:32 -------- d-----w- c:\users\Jules_S\.freeguide
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-29 19:31 . 2013-01-29 19:31 103140 --sh--r- C:\hwvvo.pif
2013-01-10 18:25 . 2012-04-18 21:22 697864 ------w- c:\windows\system32\FlashPlayerApp.exe
2013-01-10 18:25 . 2011-05-13 17:18 74248 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-20 09:01 . 2012-06-09 09:51 483952 ------w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-12-16 14:13 . 2012-12-21 13:50 295424 ------w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 13:50 34304 ------w- c:\windows\system32\atmlib.dll
2012-11-28 22:47 . 2012-11-28 22:47 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C3ECF72-DC50-4FD3-855D-66D3DE1970F1}\gapaengine.dll
2012-11-14 02:09 . 2012-12-14 02:04 1800704 ------w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-14 02:04 1427968 ------w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 02:04 1129472 ------w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-14 02:04 142848 ------w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 02:04 420864 ------w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-14 02:04 2382848 ------w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-13 07:38 2048 ------w- c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-13 07:38 376832 ------w- c:\windows\system32\dpnet.dll
2013-01-25 13:52 . 2013-01-25 13:52 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-14 20:26 222712 ------w- c:\users\Jules_S\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-14 20:26 222712 ------w- c:\users\Jules_S\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-14 20:26 222712 ------w- c:\users\Jules_S\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-25 8522272]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2012-09-20 186248]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 151064]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-09-24 4446784]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2012-09-07 63376]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 3110200]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2012-09-21 11:48 100712 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S1 MpKsl1de60098;MpKsl1de60098;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95A878EB-E1C7-4C2D-AB46-2138B90B10BB}\MpKsl1de60098.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 AMPPAL;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETwNs32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\Netwsn00.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Jules_S\AppData\Roaming\Mozilla\Firefox\Profiles\wpaal7g9.default-1350072476478\
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(632)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(4228)
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\WUDFHost.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\windows\system32\taskhost.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\windows\system32\conhost.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Celkový čas: 2013-01-29 20:35:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-29 19:34
ComboFix2.txt 2013-01-29 16:28
.
Před spuštěním: Volných bajtů: 71 729 823 744
Po spuštění: Volných bajtů: 71 657 218 048
.
- - End Of File - - 3603DADD175B714C43E55E9CF970DF3C
The re-run of ComboFix completed without problems and here is the log:
Re: Some vermin in the computer

- Download UsbFix and save it to the desktop: http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
- Run it and click Deletion
- When it finishes, paste the log here; if it does not pop up, you will find it at C:\UsbFix.txt
Re: Some vermin in the computer
What does "plug in all USB keys" mean?
Should I insert a flash drive into every USB port? I use about 3; I don't use a disk.
Re: Some vermin in the computer
Yes, plug in the flash drives

Re: Some vermin in the computer
Log for the first 3 USB drives. I have one more (nowhere to plug it in), but I'll wait with that one. What do you think?
############################## | UsbFix V 7.096 | [Research]
User: Jules_S (Administrator) # JULES_THINK
Updated 15/08/2012 by El Desaparecido
Started at 20:53:09 | 29/01/2013
Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com
PC: LENOVO (2847Q3G) (X86-based PC) # Notebook
CPU: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz (2201)
RAM -> [Total : 2937 | Free : 1866]
BIOS: Ver 1.00PARTTBL
BOOT: Normal boot
OS: Microsoft Windows 7 Professional (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 173 Gb (67 Mb free - 39%) [Windows7_OS] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 114 Gb (76 Mb free - 67%) [Data] # NTFS
F:\ -> Removable drive # 4 Gb (2 Mb free - 45%) [USB DISK] # FAT32
G:\ -> Removable drive # 7 Gb (2 Mb free - 27%) [] # FAT32
H:\ -> Removable drive # 120 Mb (50 Mb free - 42%) [] # FAT
Q:\ -> Fixed drive # 10 Gb (3 Mb free - 28%) [Lenovo_Recovery] # NTFS
################## | Active Processes |
C:\Windows\system32\csrss.exe (512)
C:\Windows\system32\wininit.exe (556)
C:\Windows\system32\csrss.exe (580)
C:\Windows\system32\services.exe (616)
C:\Windows\system32\lsass.exe (632)
C:\Windows\system32\lsm.exe (640)
C:\Windows\system32\winlogon.exe (704)
C:\Windows\system32\svchost.exe (784)
C:\Windows\system32\ibmpmsvc.exe (848)
C:\Windows\system32\svchost.exe (904)
c:\Program Files\Microsoft Security Client\MsMpEng.exe (972)
C:\Windows\System32\svchost.exe (1060)
C:\Windows\System32\svchost.exe (1112)
C:\Windows\system32\svchost.exe (1140)
C:\Windows\system32\svchost.exe (1228)
C:\Windows\system32\svchost.exe (1264)
C:\Windows\System32\WUDFHost.exe (1412)
C:\Windows\system32\svchost.exe (1524)
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (1676)
C:\Windows\system32\WLANExt.exe (1960)
C:\Windows\system32\conhost.exe (1968)
C:\Windows\System32\spoolsv.exe (2040)
C:\Windows\system32\svchost.exe (528)
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (1584)
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (1620)
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe (1724)
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe (1740)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1188)
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (2092)
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (2152)
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe (2284)
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe (2308)
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (2328)
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe (2360)
C:\Windows\System32\svchost.exe (2400)
C:\Windows\System32\svchost.exe (2436)
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (2488)
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (2564)
C:\Windows\system32\svchost.exe (2636)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2756)
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (2796)
C:\Program Files\Lenovo\Access Connections\AcSvc.exe (2824)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3064)
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (3100)
C:\Windows\system32\wbem\unsecapp.exe (3280)
C:\Windows\system32\wbem\wmiprvse.exe (3328)
C:\Windows\system32\svchost.exe (3820)
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe (3296)
C:\Windows\system32\Dwm.exe (3552)
C:\Windows\system32\taskhost.exe (2088)
C:\Windows\system32\taskeng.exe (3780)
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe (2712)
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe (3840)
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (1888)
C:\Program Files\Lenovo\Zoom\TpScrex.exe (4056)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (4080)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (3020)
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (2188)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (1880)
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (3924)
C:\Windows\System32\TpShocks.exe (2248)
C:\Windows\System32\hkcmd.exe (2924)
C:\Windows\System32\igfxpers.exe (2936)
C:\Windows\System32\rundll32.exe (2432)
C:\Windows\WindowsMobile\wmdc.exe (2960)
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (3440)
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (3040)
C:\Program Files\Microsoft Security Client\msseces.exe (2056)
C:\Program Files\Windows Sidebar\sidebar.exe (3408)
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (4132)
C:\Windows\system32\igfxsrvc.exe (4256)
C:\Windows\system32\svchost.exe (4264)
C:\Windows\system32\svchost.exe (4736)
C:\Windows\system32\wbem\wmiprvse.exe (5048)
C:\Windows\system32\SearchIndexer.exe (4976)
C:\Windows\system32\igfxext.exe (5244)
C:\Program Files\Windows Media Player\wmpnetwk.exe (5292)
C:\Windows\System32\svchost.exe (5072)
C:\Windows\system32\DllHost.exe (4524)
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (4828)
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (3164)
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (5920)
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (3584)
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (4948)
C:\Windows\Explorer.exe (4228)
C:\Windows\System32\WUDFHost.exe (3572)
C:\Windows\system32\SearchProtocolHost.exe (5376)
C:\Windows\system32\SearchFilterHost.exe (636)
C:\UsbFix\Go.exe (3636)
################## | Files # Infected Folders |
Found ! C:\hwvvo.pif
Found ! C:\autorun.inf
Found ! E:\autorun.inf
Found ! F:\autorun.inf
Found ! G:\autorun.inf
Found ! H:\autorun.inf
Found ! Q:\autorun.inf
Found ! E:\gfxsiy.exe
Found ! H:\yjhrhq.exe
################## | Registry |
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
################## | Mountpoints2 |
################## | Vaccin |
(!) This computer is not vaccinated!
################## | E.O.F |
Re: Some vermin in the computer

Code:
KillAll::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"FirewallOverride"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"UacDisableNotify"=dword:00000000
File::
C:\rlrvi.exe
C:\hwvvo.pif
Reboot::
Re: Some vermin in the computer
Log from ComboFix. Should I still check the last USB drive? Interestingly, the last CF run deleted UsbFix from my desktop.
ComboFix 13-01-29.01 - Jules_S 29.01.2013 21:08:03.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2937.1651 [GMT 1:00]
Spuštěný z: c:\users\Jules_S\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jules_S\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\hwvvo.pif"
"C:\rlrvi.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
C:\hwvvo.pif
C:\rlrvi.exe
E:\Autorun.inf
Q:\Autorun.inf
Q:\upqbr.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-28 do 2013-01-29 )))))))))))))))))))))))))))))))
.
.
2013-01-29 20:17 . 2013-01-29 20:19 -------- d-----w- c:\users\Jules_S\AppData\Local\temp
2013-01-29 20:17 . 2013-01-29 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-29 19:52 . 2013-01-29 19:56 -------- d-----w- C:\UsbFix
2013-01-29 17:53 . 2013-01-29 17:53 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95A878EB-E1C7-4C2D-AB46-2138B90B10BB}\offreg.dll
2013-01-29 16:41 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95A878EB-E1C7-4C2D-AB46-2138B90B10BB}\mpengine.dll
2013-01-29 10:35 . 2013-01-29 10:35 -------- d-----w- c:\program files\trend micro
2013-01-29 10:35 . 2013-01-29 10:35 -------- d-----w- C:\rsit
2013-01-27 19:22 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-11 17:19 . 2013-01-11 17:19 -------- d-----w- c:\program files\Common Files\Skype
2013-01-11 17:19 . 2013-01-11 17:19 -------- d-----r- c:\program files\Skype
2013-01-09 08:24 . 2012-12-07 12:26 308736 ------w- c:\windows\system32\Wpc.dll
2013-01-08 18:17 . 2013-01-08 18:17 -------- d-----w- c:\users\Jules_S\AppData\Roaming\AdobeUM
2013-01-05 10:52 . 2012-10-17 22:21 347448 ------w- c:\windows\system32\drivers\SynTP.sys
2013-01-05 10:52 . 2012-10-17 22:21 175416 ------w- c:\windows\system32\SynTPAPI.dll
2013-01-05 10:52 . 2012-10-17 22:21 142648 ------w- c:\windows\system32\SynTPCo14.dll
2013-01-05 10:52 . 2012-10-17 22:21 38200 ------w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2013-01-05 10:51 . 2012-12-05 20:05 51056 ------w- c:\windows\system32\ibmpmsvc.exe
2013-01-05 10:51 . 2012-12-05 20:05 36208 ------w- c:\windows\system32\tpinspm.dll
2013-01-05 10:51 . 2012-12-05 20:05 36040 ------w- c:\windows\system32\drivers\ibmpmdrv.sys
2013-01-05 10:51 . 2012-12-05 20:05 72048 ------w- c:\windows\system32\ibmpmctl.exe
2013-01-05 08:26 . 2013-01-05 08:32 -------- d-----w- c:\users\Jules_S\.freeguide
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-29 20:20 . 2013-01-29 20:20 103140 --sh--r- C:\mvogre.pif
2013-01-10 18:25 . 2012-04-18 21:22 697864 ------w- c:\windows\system32\FlashPlayerApp.exe
2013-01-10 18:25 . 2011-05-13 17:18 74248 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-20 09:01 . 2012-06-09 09:51 483952 ------w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-12-16 14:13 . 2012-12-21 13:50 295424 ------w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 13:50 34304 ------w- c:\windows\system32\atmlib.dll
2012-11-28 22:47 . 2012-11-28 22:47 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C3ECF72-DC50-4FD3-855D-66D3DE1970F1}\gapaengine.dll
2012-11-14 02:09 . 2012-12-14 02:04 1800704 ------w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-14 02:04 1427968 ------w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 02:04 1129472 ------w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-14 02:04 142848 ------w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 02:04 420864 ------w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-14 02:04 2382848 ------w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-13 07:38 2048 ------w- c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-13 07:38 376832 ------w- c:\windows\system32\dpnet.dll
2013-01-25 13:52 . 2013-01-25 13:52 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-14 20:26 222712 ------w- c:\users\Jules_S\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-14 20:26 222712 ------w- c:\users\Jules_S\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-14 20:26 222712 ------w- c:\users\Jules_S\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-25 8522272]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2012-09-20 186248]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 151064]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-09-24 4446784]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2012-09-07 63376]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 3110200]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2012-09-21 11:48 100712 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 AMPPAL;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETwNs32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\Netwsn00.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Jules_S\AppData\Roaming\Mozilla\Firefox\Profiles\wpaal7g9.default-1350072476478\
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(632)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(4716)
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\WUDFHost.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\WUDFHost.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\windows\system32\taskhost.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\conhost.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Celkový čas: 2013-01-29 21:24:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-29 20:24
ComboFix2.txt 2013-01-29 19:35
ComboFix3.txt 2013-01-29 16:28
.
Před spuštěním: Volných bajtů: 71 701 106 688
Po spuštění: Volných bajtů: 71 635 611 648
.
- - End Of File - - CD7A1CE29A6D448A83619DB6F14EF38B
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 3110200]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2012-09-21 11:48 100712 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 AMPPAL;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETwNs32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\Netwsn00.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Jules_S\AppData\Roaming\Mozilla\Firefox\Profiles\wpaal7g9.default-1350072476478\
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(632)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(4716)
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\WUDFHost.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\WUDFHost.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\windows\system32\taskhost.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\conhost.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Celkový čas: 2013-01-29 21:24:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-29 20:24
ComboFix2.txt 2013-01-29 19:35
ComboFix3.txt 2013-01-29 16:28
.
Před spuštěním: Volných bajtů: 71 701 106 688
Po spuštění: Volných bajtů: 71 635 611 648
.
- - End Of File - - CD7A1CE29A6D448A83619DB6F14EF38B
Re: Some kind of vermin in the computer


- Run the update
- Run a full scan - do not delete anything
- MBAM occasionally produces false detections, so paste the log into a post and wait for it to be assessed
Re: Some kind of vermin in the computer
MBAM log:
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org
Verze: v2013.01.29.10
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jules_S :: JULES_THINK [administrátor]
Ochrana: Povolena
29.1.2013 21:39:55
MBAM-log-2013-01-29 (22-34-40).txt
Typ: Kompletní kontrola (C:\|E:\|F:\|G:\|H:\|Q:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 368123
Uplynulý čas: 54 minut, 27 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Nebyla provedena žádná instrukce.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 15
C:\mvogre.pif (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
C:\Qoobox\Quarantine\C\rlrvi.exe.vir (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
C:\Qoobox\Quarantine\E\fjfbd.pif.vir (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
C:\Qoobox\Quarantine\Q\osud.pif.vir (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
C:\Qoobox\Quarantine\Q\upqbr.pif.vir (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
E:\gfxsiy.exe (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
E:\kqnd.pif (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
E:\rwofx.exe (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
E:\Angry.Birds.Rio.v1.2.2\NFOviewer.exe (Malware.Packer.Krunchy) -> Nebyla provedena žádná instrukce.
F:\ppbcx.pif (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
G:\cocxy.pif (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
H:\yjhrhq.exe (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
Q:\ggtp.pif (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
Q:\gpunm.exe (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
Q:\gwitlc.exe (Malware.Packer.Gen) -> Nebyla provedena žádná instrukce.
(konec)