skrytá složka bunda se souborem vratije.exe na flashdisku

Zpráva

mystikp · #1 Příspěvek od **mystikp** » 16 srp 2010 23:07

Zdravím,
dnes jsem svůj flashdisk připojil k MAC počítači a po samovolném odpojení jsem si všimnul že je na něm skrytá složka bunda. Samovolné odpojení se pak ještě opakovalo, v tu chvíli potřebné soubory se nedokopírovaly.
Po připojení k jinému počítači s W7 okamžitě vyběhnul avast se sirénou že je v té složce bunda podezřelý soubor vratije.exe . Setkali jste se s tím už někdo? Tušíte co to je? Tu složku jsem tam rozhodně vědomě nezakládal a o její existenci jsem nevěděl.
Na mém počítači s NIS 2010 jsem se testováním ničeho nedohledal, složku jsem po zapnutí zobrazení skrytých souborů bez problémů smazal, nicméně pro jistotu přikládám log z RSIT a prosím o kontrolu zda tu "něco nemám" i když zatím žádné příznaky nepozoruji.
Díky

Logfile of random's system information tool 1.08 (written by random/random)
Run by Jiří Tichý at 2010-08-16 23:56:02
Microsoft Windows 7 Professional
System drive C: has 29 GB (36%) free of 80 GB
Total RAM: 3030 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:56:08, on 16.8.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\ico.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AIMP2\AIMP2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Jiří Tichý\Desktop\RSIT.exe
C:\Program Files\trend micro\Jiří Tichý.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [FingerPrintSoftwareSplashScreen] "C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe" \s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
O4 - HKLM\..\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE
O4 - HKLM\..\Run: [D-Link Network USB Utility] C:\Program Files\D-Link\SharePort\SharePort Network USB Utility.exe -mini
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe" /isolated /autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} (Launch Control) - file:///E:/launch.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Windows\system32\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: Session Launcher Service (PelService) - Unknown owner - C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

--
End of file - 11974 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\SystemToolsDailyTest.job
C:\Windows\tasks\Web.AliveUpdateTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll [2010-05-13 394608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL [2010-05-14 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2009-08-27 763192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll [2010-05-13 394608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-03 1791272]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2009-12-21 69568]
""= []
"TpShocks"=C:\Windows\system32\TpShocks.exe [2009-12-11 337256]
"PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor []
"FingerPrintSoftware"=C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [2009-10-20 1582328]
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28 49976]
"AcWin7Hlpr"=C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [2009-10-13 36864]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2009-08-27 3089720]
"FingerPrintSoftwareSplashScreen"=C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [2009-10-20 102400]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-10-29 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-10-29 175128]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-10-29 166936]
"tsnp2uvc"=C:\Windows\tsnp2uvc.exe []
"Daemon for Mouse Suite"=C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE [2009-07-22 98304]
"D-Link Network USB Utility"=C:\Program Files\D-Link\SharePort\SharePort Network USB Utility.exe [2008-12-26 2605312]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2009-11-19 307768]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2010-04-20 62312]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Infium"=C:\Program Files\QIP Infium\infium.exe [2010-05-28 5801936]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-10-08 226304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"DisallowCpl"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-08-16 23:35:01 ----D---- C:\Program Files\trend micro
2010-08-16 23:35:00 ----D---- C:\rsit
2010-08-14 21:23:17 ----D---- C:\Program Files\Common Files\Java
2010-08-14 21:23:09 ----A---- C:\Windows\system32\javaws.exe
2010-08-14 21:23:09 ----A---- C:\Windows\system32\javaw.exe
2010-08-14 21:23:09 ----A---- C:\Windows\system32\java.exe
2010-08-11 11:05:11 ----A---- C:\Windows\qfe472.tmp
2010-08-11 10:52:00 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-11 10:51:54 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-11 10:51:54 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-11 10:51:53 ----A---- C:\Windows\system32\rtutils.dll
2010-08-11 10:51:52 ----A---- C:\Windows\system32\mshtml.dll
2010-08-11 10:51:52 ----A---- C:\Windows\system32\ieframe.dll
2010-08-11 10:51:51 ----A---- C:\Windows\system32\wininet.dll
2010-08-11 10:51:51 ----A---- C:\Windows\system32\urlmon.dll
2010-08-11 10:51:51 ----A---- C:\Windows\system32\mstime.dll
2010-08-11 10:51:51 ----A---- C:\Windows\system32\iepeers.dll
2010-08-11 10:51:51 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-11 10:51:50 ----A---- C:\Windows\system32\msxml3.dll
2010-08-11 10:51:50 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-11 10:51:50 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-11 10:51:50 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-11 10:51:50 ----A---- C:\Windows\system32\ieui.dll
2010-08-11 10:51:49 ----A---- C:\Windows\system32\schannel.dll
2010-08-11 10:51:49 ----A---- C:\Windows\system32\ir32_32.dll
2010-08-11 10:51:49 ----A---- C:\Windows\system32\iccvid.dll
2010-08-11 10:51:48 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-08-11 10:51:48 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-11 10:51:48 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-11 10:51:44 ----A---- C:\Windows\system32\win32k.sys
2010-08-03 22:26:58 ----D---- C:\ProgramData\PC-Doctor for Windows
2010-08-03 08:06:57 ----A---- C:\Windows\system32\shell32.dll
2010-07-26 12:48:12 ----D---- C:\Program Files\Scorched3D
2010-07-24 22:43:25 ----A---- C:\Windows\system32\SynTPCo4.dll
2010-07-24 22:43:25 ----A---- C:\Windows\system32\SynTPAPI.dll
2010-07-24 22:43:25 ----A---- C:\Windows\system32\drivers\SynTP.sys
2010-07-24 22:43:24 ----A---- C:\Windows\system32\SynCtrl.dll
2010-07-24 22:43:24 ----A---- C:\Windows\system32\SynCOM.dll
2010-07-23 08:19:27 ----D---- C:\Program Files\Common Files\Skype
2010-07-19 14:58:05 ----D---- C:\Users\Jiří Tichý\AppData\Roaming\LEGO Company
2010-07-19 14:57:59 ----D---- C:\Program Files\LEGO Company
2010-07-01 13:11:36 ----A---- C:\Windows\system32\drivers\smiif32.sys
2010-07-01 13:10:58 ----D---- C:\ProgramData\Intel
2010-07-01 13:08:33 ----D---- C:\Program Files\Cisco
2010-07-01 13:08:31 ----D---- C:\Program Files\Common Files\Intel
2010-06-23 23:25:15 ----N---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-23 23:25:15 ----N---- C:\Windows\system32\PresentationHost.exe
2010-06-23 23:25:15 ----N---- C:\Windows\system32\netfxperf.dll
2010-06-23 23:25:15 ----N---- C:\Windows\system32\mscoree.dll
2010-06-23 23:25:15 ----N---- C:\Windows\system32\dfshim.dll
2010-06-23 08:51:32 ----N---- C:\Windows\system32\ntdll.dll
2010-06-23 08:51:31 ----N---- C:\Windows\system32\msdri.dll
2010-06-23 08:51:31 ----N---- C:\Windows\system32\CPFilters.dll
2010-06-16 13:31:23 ----N---- C:\Windows\system32\drivers\appdrv01.sys
2010-06-16 13:31:23 ----N---- C:\Windows\system32\appdrvrem01.exe
2010-06-16 11:16:32 ----D---- C:\Program Files\1C Company
2010-06-10 08:30:45 ----N---- C:\Windows\system32\asycfilt.dll
2010-06-10 08:30:17 ----N---- C:\Windows\system32\atmlib.dll
2010-06-10 08:30:17 ----N---- C:\Windows\system32\atmfd.dll
2010-06-08 22:00:03 ----A---- C:\Windows\system32\drivers\btwl2cap.sys
2010-06-08 22:00:00 ----A---- C:\Windows\system32\drivers\btwavdt.sys
2010-06-08 21:59:54 ----A---- C:\Windows\system32\drivers\btwrchid.sys
2010-06-08 21:59:48 ----A---- C:\Windows\system32\drivers\btwaudio.sys
2010-06-08 21:58:45 ----N---- C:\Windows\system32\drivers\btusbflt.sys
2010-06-08 21:10:25 ----D---- C:\Windows\system32\Wat
2010-05-26 09:10:07 ----N---- C:\Windows\system32\tzres.dll
2010-05-20 00:21:01 ----D---- C:\Users\Jiří Tichý\AppData\Roaming\Update

======List of files/folders modified in the last 3 months======

2010-08-16 23:51:56 ----D---- C:\Windows\System32
2010-08-16 23:51:56 ----D---- C:\Windows\inf
2010-08-16 23:51:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-16 23:51:38 ----D---- C:\Users\Jiří Tichý\AppData\Roaming\Skype
2010-08-16 23:49:50 ----D---- C:\Windows\Temp
2010-08-16 23:48:15 ----D---- C:\Users\Jiří Tichý\AppData\Roaming\AIMP
2010-08-16 23:47:47 ----D---- C:\Windows\system32\config
2010-08-16 23:47:03 ----SHD---- C:\System Volume Information
2010-08-16 23:35:01 ----RD---- C:\Program Files
2010-08-16 23:34:55 ----D---- C:\Windows\Prefetch
2010-08-16 21:47:17 ----D---- C:\Users\Jiří Tichý\AppData\Roaming\skypePM
2010-08-14 21:23:17 ----SHD---- C:\Windows\Installer
2010-08-14 21:23:17 ----D---- C:\Program Files\Common Files
2010-08-14 21:23:07 ----D---- C:\Program Files\Java
2010-08-11 11:22:29 ----D---- C:\Windows\Microsoft.NET
2010-08-11 11:22:19 ----RSD---- C:\Windows\assembly
2010-08-11 11:05:22 ----D---- C:\Windows
2010-08-11 11:04:24 ----D---- C:\Windows\system32\Tasks
2010-08-11 11:01:08 ----D---- C:\Windows\winsxs
2010-08-11 10:59:17 ----D---- C:\Windows\system32\drivers
2010-08-11 10:59:15 ----D---- C:\Windows\system32\migration
2010-08-11 10:59:15 ----D---- C:\Program Files\Internet Explorer
2010-08-11 10:55:47 ----D---- C:\ProgramData\Microsoft Help
2010-08-11 10:51:45 ----D---- C:\Windows\system32\catroot
2010-08-11 10:51:38 ----D---- C:\Windows\system32\catroot2
2010-08-10 15:03:25 ----D---- C:\Program Files\AIMP2
2010-08-03 22:33:17 ----D---- C:\Program Files\PC-Doctor
2010-08-03 22:33:11 ----D---- C:\ProgramData\PCDr
2010-08-03 22:27:06 ----D---- C:\Windows\Tasks
2010-08-03 22:26:58 ----HD---- C:\ProgramData
2010-08-03 20:09:31 ----A---- C:\Windows\system32\MRT.exe
2010-07-24 22:43:39 ----D---- C:\Windows\system32\DriverStore
2010-07-24 18:24:46 ----D---- C:\Program Files\Mozilla Firefox
2010-07-17 05:00:04 ----A---- C:\Windows\system32\deployJava1.dll
2010-07-08 21:45:03 ----D---- C:\Windows\system32\NDF
2010-07-02 10:07:47 ----D---- C:\Users\Jiří Tichý\AppData\Roaming\FileZilla
2010-07-01 13:06:28 ----D---- C:\Program Files\Windows Media Player
2010-06-28 22:42:58 ----D---- C:\swshare
2010-06-27 12:02:24 ----D---- C:\Program Files\FileZilla FTP Client
2010-06-23 23:25:10 ----D---- C:\Windows\ehome
2010-06-23 23:25:03 ----D---- C:\Windows\AppPatch
2010-06-18 15:56:43 ----D---- C:\Windows\system32\drivers\UMDF
2010-06-18 13:08:16 ----RSD---- C:\Windows\Media
2010-06-16 11:16:32 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-11 18:16:33 ----RD---- C:\Program Files\Skype
2010-06-11 18:16:32 ----D---- C:\ProgramData\Skype
2010-06-10 18:28:00 ----D---- C:\Windows\Downloaded Installations
2010-06-05 13:19:12 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-04 13:32:00 ----SD---- C:\ProgramData\Microsoft
2010-06-02 21:09:11 ----D---- C:\Users\Jiří Tichý\AppData\Roaming\vlc
2010-05-30 20:13:49 ----D---- C:\Program Files\QIP Infium
2010-05-26 20:25:52 ----D---- C:\Windows\rescache
2010-05-26 11:27:01 ----D---- C:\Program Files\Common Files\microsoft shared
2010-05-26 11:26:38 ----D---- C:\Program Files\Microsoft
2010-05-26 11:26:29 ----D---- C:\Windows\system32\cs-CZ
2010-05-25 19:04:07 ----D---- C:\Windows\system32\drivers\NIS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DozeHDD;DozeHDD; C:\Windows\System32\DRIVERS\DozeHDD.sys [2010-05-12 24304]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-08-06 330264]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx86.sys [2009-10-09 120360]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS [2009-08-30 328752]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS [2010-04-22 173104]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
R1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys [2010-06-16 3033200]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100719.001\BHDrvx86.sys [2010-07-20 692272]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys [2010-02-26 501888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2010-05-27 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100813.004\IDSvix86.sys [2010-05-28 344112]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1107000.00C\SRTSP.SYS [2010-04-22 325680]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1107000.00C\SRTSPX.SYS [2010-04-22 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2010-05-06 44080]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS [2010-04-29 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS [2010-05-06 339504]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [2010-05-12 11552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-09-07 48128]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2009-09-15 44544]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2009-09-15 38400]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-09-01 485376]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2010-03-23 45352]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-03-23 86056]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-03-23 108072]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-03-23 29472]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-03-23 18472]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2009-10-05 460800]
R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP; C:\Windows\System32\Drivers\DlinkUDSMBus.sys [2008-11-11 74624]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y6032.sys [2009-07-14 214016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2009-06-23 40832]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2009-06-30 981504]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2009-06-30 207360]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2009-11-18 26608]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-10-08 6212096]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100814.002\NAVENG.SYS [2010-07-14 85424]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100814.002\NAVEX15.SYS [2010-07-14 1362608]
R3 NETw5s32;Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit; C:\Windows\system32\DRIVERS\NETw5s32.sys [2010-03-17 6758912]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2009-10-31 33088]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 84992]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-11 3486208]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-01-16 124976]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-03 1303728]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 30720]
R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2009-06-30 661504]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 DlinkUDSTcpBus;DlinkUDSTcpBus; C:\Windows\System32\Drivers\DlinkUDSTcpBus.sys [2008-11-11 97664]
S3 epmntdrv;epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [2009-08-26 14216]
S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [2009-09-16 8456]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2009-10-22 57800]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2009-10-22 72520]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-05-14 4231680]
S3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor\pcdsrvc.pkms [2010-05-07 21360]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-14 207360]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMFW.SYS []
S3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [2010-04-22 124264]
R2 AcSvc;AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [2010-04-22 259432]
R2 ATService;AuthenTec Fingerprint Service; C:\Windows\system32\AtService.exe [2009-10-20 1701112]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2010-02-17 595232]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 dtsvc;Data Transfer Service; C:\Windows\system32\DTS.exe [2009-10-20 98304]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-03-05 862480]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2009-11-18 38248]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2010-04-20 50536]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-04-20 74088]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-03-05 473360]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 SUService;System Update; c:\Program Files\Lenovo\System Update\SUService.exe [2009-09-04 15872]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2009-08-27 1021240]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
R3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-12 75112]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe [2010-06-16 316816]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-27 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
S2 PelService;Session Launcher Service; C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe []
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 87904]
S3 ADMonitor;AD Monitor; C:\Windows\system32\ADMonitor.exe [2009-10-20 106496]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 DozeSvc;Lenovo Doze Mode Service; C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE [2010-05-12 132456]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG.exe [2009-10-09 39976]
S3 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2009-09-04 1474560]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1343400]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 17 srp 2010 08:16

Udělejte zálohu všeho, o čem víte, že na flashdisku je legitimní a pak ho zformátujte. Po formatu nahrajte data zpět. Log vypadá čistý.

#3 Příspěvek od **Rudy** » 17 srp 2010 08:21

Udělejte zálohu všeho, o čem víte, že na flashdisku je legitimní a pak ho zformátujte. Po formatu nahrajte data zpět. Log vypadá čistý.

mystikp · #4 Příspěvek od **mystikp** » 17 srp 2010 13:43

Ok, díky.

#5 Příspěvek od **Rudy** » 17 srp 2010 13:59

Není zač!

VIRY.CZ

skrytá složka bunda se souborem vratije.exe na flashdisku

skrytá složka bunda se souborem vratije.exe na flashdisku

Re: skrytá složka bunda se souborem vratije.exe na flashdisk

Re: skrytá složka bunda se souborem vratije.exe na flashdisk

Re: skrytá složka bunda se souborem vratije.exe na flashdisk

Re: skrytá složka bunda se souborem vratije.exe na flashdisk