Preventive check + problem

Posted: 09 Jan 2012 15:10
by eXtenZ1
Hello, I'm sending you a preventive log for review. I do have a problem, though, that I've been trying to solve for some time. When I download any file (.mp3, .avi, .doc ...), it is saved by default to "Stažené soubory". When I want to copy a downloaded file (e.g. an .avi) to my "Filmy" folder on the desktop, it copies, but then I can't play the film because it reports a permissions problem. But if I play the file from "Stažené soubory", it works. Can you help me with this?

Here is the log in question:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:07:05, on 9. 1. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Users\eXtenZ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\eXtenZ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\eXtenZ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\eXtenZ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\eXtenZ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\hijackthis.exe
C:\Users\eXtenZ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Users\eXtenZ\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 173.212.255.178 embedded.garena.com
O1 - Hosts: 173.212.255.178 embedded.garenanow.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://support.lenovo.com/Resources/Len ... etect2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\windows\system32\HPSIsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - C:\windows\system32\PrintCtrl.exe
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\windows\system32\SAsrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8490 bytes

Re: Preventive check + problem

Posted: 10 Jan 2012 19:24
by Rudy
Hello to you too!
The problem with playing the films is probably related to the folder permission settings. Right-click the folder icon > Properties > Security and set it the same as in the folder from which the file can be played.
Post a log from RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 ; it is more detailed than HijackThis.

Re: Preventive check + problem

Posted: 11 Jan 2012 19:10
by eXtenZ1
Yes, it is related to the folder permissions. I set it that way, but I have to set it for every single folder where the error occurs. And I don't want to set these permissions for every single folder and subfolder. Something must have gone wrong somewhere, and I can't figure out where.

Here is the log:


Logfile of random's system information tool 1.09 (written by random/random)
Run by eXtenZ at 2012-01-11 19:08:10
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 159 GB (37%) free of 431 GB
Total RAM: 2009 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:09:33, on 11. 1. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Garena\Garena.exe
C:\Users\eXtenZ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\eXtenZ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\eXtenZ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\eXtenZ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\eXtenZ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\eXtenZ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\eM Client\MailClient.exe
C:\Users\eXtenZ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Users\eXtenZ\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\eXtenZ\Downloads\RSIT.exe
C:\Program Files\trend micro\eXtenZ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 173.212.255.178 embedded.garena.com
O1 - Hosts: 173.212.255.178 embedded.garenanow.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://support.lenovo.com/Resources/Len ... etect2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\windows\system32\HPSIsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Printer Control - ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM - C:\windows\system32\PrintCtrl.exe
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\windows\system32\SAsrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8670 bytes

======Scheduled tasks folder======

C:\windows\tasks\AutoKMS.job
C:\windows\tasks\AutoKMSDaily.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-217525786-4203485839-1761426994-1003Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-217525786-4203485839-1761426994-1003UA.job
C:\windows\tasks\nilxu.job

=========Mozilla firefox=========

ProfilePath - C:\Users\eXtenZ\AppData\Roaming\Mozilla\Firefox\Profiles\ewceyx04.default

prefs.js - "browser.startup.homepage" - "google.sk"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\eXtenZ\AppData\Roaming\Mozilla\Firefox\Profiles\ewceyx04.default\searchplugins\
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2009-09-18 141848]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2009-09-18 174104]
"Persistence"=C:\windows\system32\igfxpers.exe [2009-09-18 150552]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-04-28 307768]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]
"EnergyUtility"=C:\Program Files\Lenovo\Energy Management\utility.exe [2009-09-29 4114288]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 3080264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 354304]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-09-05 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Energy Management]
C:\Program Files\Lenovo\Energy Management\Energy Management.exe [2009-09-29 5064560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\eXtenZ\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Users\eXtenZ\AppData\Roaming\Google Talk\googletalk.exe /autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2010-10-28 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files\QIP 2010\qip.exe /autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2]
C:\Users\eXtenZ\AppData\Local\MediaGet2\mediaget.exe --minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\eXtenZ\AppData\Roaming\QipGuard\QipGuard.exe /p []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickPathPlay]
C:\Users\eXtenZ\AppData\Local\AcroAuthenticationvga\QuickPathPlay.dll,ClipMobileMusic eapHelpCtrl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2009-07-03 215552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0
"ConsentPromptBehaviorAdmin"=5

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=0
"NoViewContextMenu"=0
"NoFileAssociate"=0
"NoRun"=0
"NoClose"=0
"StartMenuLogoff"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.clmp3enc"=C:\PROGRA~1\Lenovo\Power2Go\CLMP3Enc.ACM

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-01-11 13:29:15 ----A---- C:\windows\system32\packager.dll
2012-01-11 13:29:15 ----A---- C:\windows\system32\ntdll.dll
2012-01-11 13:29:11 ----A---- C:\windows\system32\quartz.dll
2012-01-11 13:29:11 ----A---- C:\windows\system32\qdvd.dll
2012-01-07 00:46:52 ----D---- C:\Program Files\eM Client
2012-01-04 01:03:51 ----D---- C:\ProgramData\Zoner
2012-01-03 20:59:21 ----D---- C:\Users\eXtenZ\AppData\Roaming\The Bat!
2012-01-02 22:42:38 ----D---- C:\Users\eXtenZ\AppData\Roaming\eM Client
2012-01-01 13:53:17 ----D---- C:\ProgramData\ESET
2012-01-01 13:53:17 ----D---- C:\Program Files\ESET
2011-12-30 23:20:09 ----D---- C:\Rbackup
2011-12-30 14:35:02 ----SHD---- C:\windows\system32\%APPDATA%
2011-12-29 17:27:23 ----D---- C:\Users\eXtenZ\AppData\Roaming\Google
2011-12-29 14:54:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-12-29 14:46:52 ----D---- C:\Users\eXtenZ\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2011-12-28 01:30:24 ----D---- C:\Users\eXtenZ\AppData\Roaming\ffDiaporama
2011-12-24 15:13:34 ----D---- C:\ProgramData\NFS Underground
2011-12-24 14:59:46 ----D---- C:\Program Files\EA GAMES
2011-12-24 11:55:32 ----D---- C:\Program Files\The KMPlayer
2011-12-21 21:15:23 ----D---- C:\Users\eXtenZ\AppData\Roaming\FastStone
2011-12-21 21:12:58 ----D---- C:\Program Files\XnView
2011-12-14 10:51:01 ----A---- C:\windows\system32\mshtmled.dll
2011-12-14 10:51:01 ----A---- C:\windows\system32\iertutil.dll
2011-12-14 10:51:00 ----A---- C:\windows\system32\jsproxy.dll
2011-12-14 10:51:00 ----A---- C:\windows\system32\jscript9.dll
2011-12-14 10:51:00 ----A---- C:\windows\system32\jscript.dll
2011-12-14 10:50:59 ----A---- C:\windows\system32\wininet.dll
2011-12-14 10:50:59 ----A---- C:\windows\system32\url.dll
2011-12-14 10:50:59 ----A---- C:\windows\system32\ieui.dll
2011-12-14 10:50:58 ----A---- C:\windows\system32\urlmon.dll
2011-12-14 10:50:57 ----A---- C:\windows\system32\mshtml.dll
2011-12-14 10:50:56 ----A---- C:\windows\system32\ieframe.dll
2011-12-14 10:47:13 ----A---- C:\windows\system32\ntoskrnl.exe
2011-12-14 10:47:11 ----A---- C:\windows\system32\ntkrnlpa.exe
2011-12-14 10:47:10 ----A---- C:\windows\system32\win32k.sys
2011-12-14 10:47:01 ----A---- C:\windows\system32\tzres.dll
2011-12-14 10:46:43 ----A---- C:\windows\system32\csrsrv.dll
2011-12-14 10:46:42 ----A---- C:\windows\system32\EncDec.dll
2011-12-14 01:19:52 ----A---- C:\windows\system32\GPhotos.scr
2011-12-13 10:42:41 ----D---- C:\Users\eXtenZ\AppData\Roaming\VS Revo Group

======List of files/folders modified in the last 1 month======

2012-01-11 19:08:23 ----D---- C:\windows\Prefetch
2012-01-11 19:08:14 ----D---- C:\Program Files\trend micro
2012-01-11 18:58:37 ----D---- C:\Users\eXtenZ\AppData\Roaming\Skype
2012-01-11 18:57:59 ----D---- C:\windows\Temp
2012-01-11 17:33:27 ----D---- C:\Program Files\Garena
2012-01-11 16:34:27 ----D---- C:\windows\system32\config
2012-01-11 16:24:58 ----SHD---- C:\System Volume Information
2012-01-11 14:39:25 ----D---- C:\Program Files\EMDB
2012-01-11 13:50:19 ----D---- C:\windows\winsxs
2012-01-11 13:49:10 ----D---- C:\windows\System32
2012-01-11 13:46:26 ----D---- C:\windows\debug
2012-01-11 13:46:20 ----A---- C:\windows\system32\MRT.exe
2012-01-11 13:46:14 ----D---- C:\windows\ehome
2012-01-11 13:46:10 ----SHD---- C:\windows\Installer
2012-01-11 13:46:03 ----D---- C:\ProgramData\Microsoft Help
2012-01-11 13:29:06 ----D---- C:\windows\system32\catroot
2012-01-11 13:28:59 ----D---- C:\windows\system32\catroot2
2012-01-10 21:30:30 ----D---- C:\Program Files\Warcraft III
2012-01-10 12:48:39 ----D---- C:\Windows
2012-01-09 15:27:48 ----RD---- C:\Program Files
2012-01-09 15:25:03 ----D---- C:\windows\inf
2012-01-08 20:58:56 ----D---- C:\windows\system32\wdi
2012-01-08 17:09:06 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-01-07 02:41:32 ----D---- C:\windows\Microsoft.NET
2012-01-07 02:00:19 ----HD---- C:\ProgramData
2012-01-07 01:54:11 ----A---- C:\windows\system32\imageres.dll
2012-01-07 01:45:04 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-01-07 01:45:03 ----D---- C:\Users\eXtenZ\AppData\Roaming\uTorrent
2012-01-07 00:48:09 ----RSD---- C:\windows\assembly
2012-01-06 18:22:09 ----D---- C:\windows\system32\wfp
2012-01-06 18:22:09 ----D---- C:\windows\system32\Tasks
2012-01-06 18:22:07 ----D---- C:\windows\system32\wbem
2012-01-06 18:21:19 ----D---- C:\windows\Tasks
2012-01-06 18:21:19 ----D---- C:\windows\system32\DriverStore
2012-01-06 18:21:18 ----D---- C:\windows\system32\CodeIntegrity
2012-01-06 18:21:16 ----D---- C:\windows\AppCompat
2012-01-06 18:21:11 ----D---- C:\Users\eXtenZ\AppData\Roaming\Mozilla
2012-01-06 18:21:10 ----D---- C:\Users\eXtenZ\AppData\Roaming\GHISLER
2012-01-06 18:20:51 ----D---- C:\windows\registration
2012-01-06 18:20:49 ----D---- C:\windows\system32\WindowsPowerShell
2012-01-06 18:20:49 ----AD---- C:\windows\system32\Welcome Center
2012-01-06 18:20:48 ----D---- C:\windows\system32\SPReview
2012-01-06 18:20:48 ----D---- C:\windows\system32\spp
2012-01-06 18:20:48 ----D---- C:\windows\system32\spool
2012-01-06 18:20:48 ----D---- C:\windows\system32\Speech
2012-01-06 18:20:47 ----SD---- C:\windows\system32\Microsoft
2012-01-06 18:20:47 ----HD---- C:\windows\system32\GroupPolicy
2012-01-06 18:20:47 ----D---- C:\windows\system32\NetworkList
2012-01-06 18:20:47 ----D---- C:\windows\system32\Macromed
2012-01-06 18:20:47 ----D---- C:\windows\system32\Lang
2012-01-06 18:20:47 ----D---- C:\windows\system32\EventProviders
2012-01-06 18:20:21 ----D---- C:\ProgramData\WhereIsIt
2012-01-06 18:20:21 ----D---- C:\ProgramData\TuneUp Software
2012-01-06 18:20:21 ----D---- C:\ProgramData\Stardock
2012-01-06 18:20:21 ----D---- C:\ProgramData\Skype Extras
2012-01-06 18:20:21 ----D---- C:\ProgramData\Skype
2012-01-06 18:20:21 ----AD---- C:\ProgramData\Temp
2012-01-06 18:20:20 ----SD---- C:\ProgramData\Microsoft
2012-01-06 18:20:20 ----D---- C:\ProgramData\McAfee
2012-01-06 18:20:19 ----D---- C:\ProgramData\CyberLink
2012-01-06 18:20:19 ----D---- C:\ProgramData\AutoKMS
2012-01-06 18:20:19 ----D---- C:\ProgramData\Adobe
2012-01-06 18:20:14 ----D---- C:\Program Files\Common Files\Windows Live
2012-01-06 18:20:14 ----D---- C:\Program Files\Common Files\Java
2012-01-06 18:20:14 ----D---- C:\Program Files\Common Files\InstallShield
2012-01-06 18:20:14 ----D---- C:\Program Files\Common Files\Canon
2012-01-06 18:20:14 ----D---- C:\Program Files\Common Files\Borland Shared
2012-01-06 18:20:14 ----D---- C:\Program Files\Common Files\Adobe
2012-01-06 18:20:13 ----D---- C:\Program Files\Common Files\Adobe AIR
2012-01-01 13:53:41 ----D---- C:\windows\system32\drivers
2011-12-30 23:22:41 ----D---- C:\Program Files\Microsoft
2011-12-29 15:20:30 ----D---- C:\windows\system32\drivers\etc
2011-12-29 12:11:18 ----D---- C:\Program Files\Mozilla Firefox
2011-12-28 14:03:47 ----D---- C:\windows\system32\NDF
2011-12-28 01:29:58 ----D---- C:\Program Files\Mozilla Thunderbird
2011-12-25 00:54:34 ----D---- C:\Program Files\CCleaner
2011-12-24 12:11:18 ----D---- C:\Users\eXtenZ\AppData\Roaming\XnView
2011-12-21 21:23:50 ----D---- C:\Program Files\Google
2011-12-21 21:08:09 ----D---- C:\Users\eXtenZ\AppData\Roaming\IrfanView
2011-12-17 23:25:43 ----D---- C:\windows\Downloaded Program Files
2011-12-17 23:25:42 ----D---- C:\Program Files\Lenovo
2011-12-14 12:18:36 ----D---- C:\windows\rescache
2011-12-14 10:54:39 ----D---- C:\windows\system32\migration
2011-12-14 10:54:39 ----D---- C:\windows\system32\cs-CZ
2011-12-14 10:54:39 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-06-04 330264]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-09-29 691696]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
R1 funfrm;funfrm; C:\windows\system32\drivers\funfrm.sys [2010-07-22 54800]
R1 SCDEmu;SCDEmu; C:\windows\system32\drivers\SCDEmu.sys [2009-11-09 59388]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 cpuz135;cpuz135; \??\C:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\windows\system32\DRIVERS\Apfiltr.sys [2010-04-22 218744]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-05-31 260648]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl6.sys [2009-07-07 2506232]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\DRIVERS\btwavdt.sys [2009-07-01 108072]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT32.sys [2010-03-31 517688]
R3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-07-03 5922816]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 usbsmi;Lenovo EasyCamera; C:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 171776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 cpuz134;cpuz134; \??\C:\Users\eXtenZ\AppData\Local\Temp\cpuz134\cpuz134_x32.sys []
S3 HTCAND32;HTC Device Driver; C:\windows\System32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver; C:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\mbamswissarmy.sys []
S3 mvusbews;USB EWS Device; C:\windows\System32\Drivers\mvusbews.sys [2009-10-26 17408]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 Revoflt;Revoflt; C:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2009-07-30 171520]
S3 RtsUIR;Realtek IR Driver; C:\windows\system32\DRIVERS\Rts516xIR.sys []
S3 sisagp;Filtr SIS sběrnice AGP; C:\windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\windows\system32\DRIVERS\RtsUCcid.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;Ovladač procesoru VIA C7; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 wdmirror;wdmirror; C:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
S3 WimFltr;WimFltr; C:\windows\system32\DRIVERS\wimfltr.sys [2008-08-06 128104]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 wsvd;wsvd; C:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2009-08-11 582944]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
R2 HPSIService;HP SI Service; C:\windows\system32\HPSIsvc.exe [2011-05-11 99896]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
R2 Printer Control;Printer Control; C:\windows\system32\PrintCtrl.exe [2009-10-28 65536]
R2 SAService;Conexant SmartAudio service; C:\windows\system32\SAsrv.exe [2010-03-25 445496]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-09-29 1343400]

-----------------EOF-----------------

Re: Preventive check + problem

Posted: 11 Jan 2012 19:17
by Rudy
Post a log from ComboFix.
Download ComboFix and save it, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after startup, a screen with the license terms is displayed; continue by clicking the Ano (Yes) button.

Go make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident shield occur.

Re: Preventive check + problem

Posted: 11 Jan 2012 19:46
by eXtenZ1
ComboFix 12-01-10.02 - eXtenZ . 01. 2012 19:24:43.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1029.18.2009.1206 [GMT 1:00]
Running from: c:\users\eXtenZ\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\eXtenZ\AppData\Roaming\Google Talk
c:\users\eXtenZ\AppData\Roaming\chrtmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dj01177.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 18:35 . 2012-01-11 18:35 -------- d-----w- c:\users\eXtenZ\AppData\Local\temp
2012-01-11 18:35 . 2012-01-11 18:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-11 12:29 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 12:29 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 12:29 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 12:29 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-06 23:46 . 2012-01-06 23:47 -------- d-----w- c:\program files\eM Client
2012-01-04 00:03 . 2012-01-04 00:03 -------- d-----w- c:\programdata\Zoner
2012-01-03 19:59 . 2012-01-10 23:27 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\The Bat!
2012-01-02 21:42 . 2012-01-11 18:19 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\eM Client
2012-01-01 12:53 . 2012-01-01 12:53 -------- d-----w- c:\program files\ESET
2011-12-30 22:20 . 2011-12-30 22:20 -------- d-----w- C:\Rbackup
2011-12-30 13:35 . 2012-01-06 17:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-12-29 13:54 . 2011-12-29 13:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-29 13:46 . 2012-01-07 00:35 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2011-12-29 13:13 . 2011-12-29 13:13 -------- d-----w- c:\users\eXtenZ\AppData\Local\twitter
2011-12-28 00:30 . 2012-01-07 00:30 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\ffDiaporama
2011-12-24 14:13 . 2011-12-24 14:13 -------- d-----w- c:\programdata\NFS Underground
2011-12-24 13:59 . 2011-12-24 13:59 -------- d-----w- c:\program files\EA GAMES
2011-12-24 10:55 . 2011-12-24 10:56 -------- d-----w- c:\program files\The KMPlayer
2011-12-21 20:15 . 2011-12-21 20:15 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\FastStone
2011-12-21 20:12 . 2011-12-21 20:13 -------- d-----w- c:\program files\XnView
2011-12-21 19:38 . 2011-12-29 11:11 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-21 19:38 . 2011-12-21 19:38 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-21 19:38 . 2011-12-21 19:38 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-21 19:38 . 2011-12-21 19:38 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-14 09:51 . 2011-11-03 22:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 09:51 . 2011-11-03 23:16 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-12-14 09:51 . 2011-11-03 22:37 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2011-12-14 09:51 . 2011-11-03 22:47 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 09:50 . 2011-11-03 22:39 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 09:50 . 2011-11-03 22:42 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-12-14 09:50 . 2011-11-03 22:40 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 09:47 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 09:47 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 09:47 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 09:47 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 09:46 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 09:46 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2011-12-13 09:42 . 2011-12-13 09:42 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-07 00:54 . 2009-07-13 23:42 20266496 ----a-w- c:\windows\system32\imageres.dll
2011-11-15 10:50 . 2011-05-15 16:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 17:42 . 2011-11-01 17:42 1218627 ----a-w- c:\windows\unins000.exe
2011-12-29 11:11 . 2011-05-23 13:40 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Energy Management]
2009-09-29 16:22 5064560 ----a-w- c:\program files\Lenovo\Energy Management\Energy Management.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-29 09:23 136176 ----atw- c:\users\eXtenZ\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2010-10-28 16:55 294912 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Google Update"="c:\users\eXtenZ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"FTweakFCleaner"=c:\program files\FCleaner\FCleaner.exe -a
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz134;cpuz134;c:\users\eXtenZ\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2009-10-26 17408]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-29 1343400]
R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-29 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
S1 funfrm;funfrm; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-05-11 99896]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-10-28 65536]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [2010-03-25 445496]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 171776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-217525786-4203485839-1761426994-1003Core.job
- c:\users\eXtenZ\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 09:23]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-217525786-4203485839-1761426994-1003UA.job
- c:\users\eXtenZ\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 09:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 146.102.167.167 146.102.16.1 146.102.16.2
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\eXtenZ\AppData\Roaming\Mozilla\Firefox\Profiles\ewceyx04.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKU-Default-RunOnce-WLStart - c:\program files\Windows Live\Installer\wlstart.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-googletalk - c:\users\eXtenZ\AppData\Roaming\Google Talk\googletalk.exe
MSConfigStartUp-Infium - c:\program files\QIP 2010\qip.exe
MSConfigStartUp-MediaGet2 - c:\users\eXtenZ\AppData\Local\MediaGet2\mediaget.exe
MSConfigStartUp-QIP Internet Guardian - c:\users\eXtenZ\AppData\Roaming\QipGuard\QipGuard.exe
MSConfigStartUp-QuickPathPlay - c:\users\eXtenZ\AppData\Local\AcroAuthenticationvga\QuickPathPlay.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-11 19:45:13
ComboFix-quarantined-files.txt 2012-01-11 18:45
.
Pre-Run: Volných bajtů: 166 558 232 576
Post-Run: Volných bajtů: 166 447 878 144
.
- - End Of File - - 598522A48541D211374C4D6C7213CDC6

Re: Preventive check + problem

Posted: 11 Jan 2012 21:18
by Rudy
We'll clean up a bit more. Open Notepad and copy the following into it:
Firefox::
FF - ProfilePath - c:\users\eXtenZ\AppData\Roaming\Mozilla\Firefox\Profiles\ewceyx04.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Preventive check + problem

Posted: 11 Jan 2012 21:47
by eXtenZ1
Result:


ComboFix 12-01-10.02 - eXtenZ . 01. 2012 21:23:06.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1029.18.2009.1101 [GMT 1:00]
Running from: c:\users\eXtenZ\Desktop\ComboFix.exe
Command switches used :: c:\users\eXtenZ\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 20:33 . 2012-01-11 20:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-11 18:45 . 2012-01-11 20:33 -------- d-----w- c:\users\eXtenZ\AppData\Local\temp
2012-01-11 12:29 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 12:29 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 12:29 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 12:29 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-06 23:46 . 2012-01-06 23:47 -------- d-----w- c:\program files\eM Client
2012-01-04 00:03 . 2012-01-04 00:03 -------- d-----w- c:\programdata\Zoner
2012-01-03 19:59 . 2012-01-10 23:27 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\The Bat!
2012-01-02 21:42 . 2012-01-11 18:50 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\eM Client
2012-01-01 12:53 . 2012-01-01 12:53 -------- d-----w- c:\program files\ESET
2011-12-30 22:20 . 2011-12-30 22:20 -------- d-----w- C:\Rbackup
2011-12-30 13:35 . 2012-01-06 17:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-12-29 13:54 . 2011-12-29 13:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-29 13:46 . 2012-01-07 00:35 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2011-12-29 13:13 . 2011-12-29 13:13 -------- d-----w- c:\users\eXtenZ\AppData\Local\twitter
2011-12-28 00:30 . 2012-01-07 00:30 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\ffDiaporama
2011-12-24 14:13 . 2011-12-24 14:13 -------- d-----w- c:\programdata\NFS Underground
2011-12-24 13:59 . 2011-12-24 13:59 -------- d-----w- c:\program files\EA GAMES
2011-12-24 10:55 . 2011-12-24 10:56 -------- d-----w- c:\program files\The KMPlayer
2011-12-21 20:15 . 2011-12-21 20:15 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\FastStone
2011-12-21 20:12 . 2011-12-21 20:13 -------- d-----w- c:\program files\XnView
2011-12-21 19:38 . 2011-12-29 11:11 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-21 19:38 . 2011-12-21 19:38 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-21 19:38 . 2011-12-21 19:38 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-21 19:38 . 2011-12-21 19:38 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-14 09:51 . 2011-11-03 22:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 09:51 . 2011-11-03 23:16 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-12-14 09:51 . 2011-11-03 22:37 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2011-12-14 09:51 . 2011-11-03 22:47 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 09:50 . 2011-11-03 22:39 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 09:50 . 2011-11-03 22:42 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-12-14 09:50 . 2011-11-03 22:40 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 09:47 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 09:47 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 09:47 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 09:47 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 09:46 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 09:46 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2011-12-13 09:42 . 2011-12-13 09:42 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-07 00:54 . 2009-07-13 23:42 20266496 ----a-w- c:\windows\system32\imageres.dll
2011-11-15 10:50 . 2011-05-15 16:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 17:42 . 2011-11-01 17:42 1218627 ----a-w- c:\windows\unins000.exe
2011-12-29 11:11 . 2011-05-23 13:40 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-11_18.35.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-07 02:12 . 2012-01-11 20:18 58542 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-01-11 20:18 54302 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-28 18:34 . 2012-01-11 20:18 15736 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-217525786-4203485839-1761426994-1003_UserData.bin
+ 2009-07-14 04:34 . 2012-01-11 20:10 94944 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-29 02:30 . 2012-01-11 20:15 14001 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2009-07-29 02:30 . 2012-01-11 12:49 14001 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-01-11 12:50 . 2012-01-11 12:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-11 20:15 . 2012-01-11 20:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-11 12:50 . 2012-01-11 12:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-11 20:15 . 2012-01-11 20:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:47 . 2012-01-11 12:49 492328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-01-11 20:15 492328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-10 22:40 . 2012-01-11 20:15 6057256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-05-10 22:40 . 2012-01-11 12:49 6057256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-10-01 14:37 . 2012-01-11 01:58 7808228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-217525786-4203485839-1761426994-1003-12288.dat
+ 2010-10-01 14:37 . 2012-01-11 18:47 7808228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-217525786-4203485839-1761426994-1003-12288.dat
+ 2010-12-19 01:09 . 2012-01-11 20:15 18960008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-217525786-4203485839-1761426994-1003-8192.dat
- 2010-12-19 01:09 . 2012-01-11 12:49 18960008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-217525786-4203485839-1761426994-1003-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Energy Management]
2009-09-29 16:22 5064560 ----a-w- c:\program files\Lenovo\Energy Management\Energy Management.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-29 09:23 136176 ----atw- c:\users\eXtenZ\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2010-10-28 16:55 294912 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Google Update"="c:\users\eXtenZ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"FTweakFCleaner"=c:\program files\FCleaner\FCleaner.exe -a
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz134;cpuz134;c:\users\eXtenZ\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2009-10-26 17408]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-29 1343400]
R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-29 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
S1 funfrm;funfrm; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-05-11 99896]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-10-28 65536]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [2010-03-25 445496]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 171776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-217525786-4203485839-1761426994-1003Core.job
- c:\users\eXtenZ\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 09:23]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-217525786-4203485839-1761426994-1003UA.job
- c:\users\eXtenZ\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 09:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 192.168.2.1
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\eXtenZ\AppData\Roaming\Mozilla\Firefox\Profiles\ewceyx04.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.sk
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4596)
c:\program files\Lenovo\Bluetooth Software\btmmhook.dll
.
Completion time: 2012-01-11 21:46:40
ComboFix-quarantined-files.txt 2012-01-11 20:46
ComboFix2.txt 2012-01-11 18:45
.
Pre-Run: Volných bajtů: 166 571 974 656
Post-Run: Volných bajtů: 166 495 965 184
.
- - End Of File - - 0529A1005FD6BF0E00D20046F2C6F40D

Re: Preventive check + problem

Posted: 11 Jan 2012 22:40
by Rudy
Run CF once more with this script:
Driver::
funfrm

Re: Preventive check + problem

Posted: 12 Jan 2012 03:19
by eXtenZ1
ComboFix 12-01-10.02 - eXtenZ . 01. 2012 2:53.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1029.18.2009.1287 [GMT 1:00]
Running from: c:\users\eXtenZ\Desktop\ComboFix.exe
Command switches used :: c:\users\eXtenZ\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_funfrm
.
.
((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 02:04 . 2012-01-12 02:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-11 20:52 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-11 20:52 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-11 20:52 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-11 20:52 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-11 20:52 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-11 20:52 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-11 20:52 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 20:52 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-11 20:52 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-11 20:52 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-11 18:45 . 2012-01-12 02:07 -------- d-----w- c:\users\eXtenZ\AppData\Local\temp
2012-01-11 12:29 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 12:29 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 12:29 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 12:29 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-06 23:46 . 2012-01-06 23:47 -------- d-----w- c:\program files\eM Client
2012-01-04 00:03 . 2012-01-04 00:03 -------- d-----w- c:\programdata\Zoner
2012-01-03 19:59 . 2012-01-10 23:27 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\The Bat!
2012-01-02 21:42 . 2012-01-12 00:43 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\eM Client
2012-01-01 12:53 . 2012-01-01 12:53 -------- d-----w- c:\program files\ESET
2011-12-30 22:20 . 2011-12-30 22:20 -------- d-----w- C:\Rbackup
2011-12-30 13:35 . 2012-01-06 17:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-12-29 13:54 . 2011-12-29 13:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-29 13:46 . 2012-01-07 00:35 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2011-12-29 13:13 . 2011-12-29 13:13 -------- d-----w- c:\users\eXtenZ\AppData\Local\twitter
2011-12-28 00:30 . 2012-01-07 00:30 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\ffDiaporama
2011-12-24 14:13 . 2011-12-24 14:13 -------- d-----w- c:\programdata\NFS Underground
2011-12-24 13:59 . 2011-12-24 13:59 -------- d-----w- c:\program files\EA GAMES
2011-12-24 10:55 . 2011-12-24 10:56 -------- d-----w- c:\program files\The KMPlayer
2011-12-21 20:15 . 2011-12-21 20:15 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\FastStone
2011-12-21 20:12 . 2011-12-21 20:13 -------- d-----w- c:\program files\XnView
2011-12-21 19:38 . 2011-12-29 11:11 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-21 19:38 . 2011-12-21 19:38 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-21 19:38 . 2011-12-21 19:38 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-21 19:38 . 2011-12-21 19:38 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-14 09:51 . 2011-11-03 22:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 09:51 . 2011-11-03 23:16 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-12-14 09:51 . 2011-11-03 22:37 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2011-12-14 09:51 . 2011-11-03 22:47 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 09:50 . 2011-11-03 22:39 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 09:50 . 2011-11-03 22:42 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-12-14 09:50 . 2011-11-03 22:40 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 09:47 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 09:47 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 09:47 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 09:47 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 09:46 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 09:46 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 00:19 . 2011-12-14 00:19 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2011-12-13 09:42 . 2011-12-13 09:42 -------- d-----w- c:\users\eXtenZ\AppData\Roaming\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-07 00:54 . 2009-07-13 23:42 20266496 ----a-w- c:\windows\system32\imageres.dll
2011-11-17 05:34 . 2012-01-11 20:52 224768 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 10:50 . 2011-05-15 16:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 17:42 . 2011-11-01 17:42 1218627 ----a-w- c:\windows\unins000.exe
2011-12-29 11:11 . 2011-05-23 13:40 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-17 . 05F38CB7CAB3CE8E9A1812D517DA93EF . 22528 . . [6.1.7600.21092] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe
[-] 2011-11-17 . C2243FF9E9AAD0C30E8B1A0914DA15B6 . 22528 . . [6.1.7600.16915] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe
[-] 2011-11-17 . 81951F51E318AECC2D68559E47485CC4 . 22528 . . [6.1.7601.17725] . . c:\windows\System32\lsass.exe
[-] 2011-11-17 . 81951F51E318AECC2D68559E47485CC4 . 22528 . . [6.1.7601.17725] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[-] 2011-11-17 . FBCB2DFA40862DAA7B1534C9538208A5 . 22528 . . [6.1.7601.21861] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe
[7] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\ERDNT\cache\lsass.exe
[7] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[7] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[7] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[7] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-01-11_18.35.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-11 20:52 . 2011-11-17 05:29 15872 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\sspisrv.dll
+ 2012-01-11 20:52 . 2011-11-17 05:29 22016 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\secur32.dll
+ 2012-01-11 20:52 . 2011-11-17 05:35 67440 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\ksecdd.sys
+ 2012-01-11 20:52 . 2011-11-17 05:34 15872 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\sspisrv.dll
+ 2012-01-11 20:52 . 2011-11-17 05:34 22016 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\secur32.dll
+ 2012-01-11 20:52 . 2011-11-17 05:41 67440 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\ksecdd.sys
+ 2012-01-11 20:52 . 2011-11-17 07:15 15360 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\sspisrv.dll
+ 2012-01-11 20:52 . 2011-11-17 07:15 22016 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\secur32.dll
+ 2012-01-11 20:52 . 2011-11-17 07:20 67440 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\ksecdd.sys
+ 2012-01-11 20:52 . 2011-11-17 05:39 15360 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\sspisrv.dll
+ 2012-01-11 20:52 . 2011-11-17 05:39 99840 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\sspicli.dll
+ 2012-01-11 20:52 . 2011-11-17 05:39 22016 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\secur32.dll
+ 2012-01-11 20:52 . 2011-11-17 05:48 67440 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\ksecdd.sys
+ 2010-06-07 02:12 . 2012-01-11 20:56 58582 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-01-11 20:56 54318 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-28 18:34 . 2012-01-11 20:56 15736 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-217525786-4203485839-1761426994-1003_UserData.bin
+ 2009-07-14 04:34 . 2012-01-11 20:56 91984 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:34 . 2012-01-11 12:52 91984 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-29 02:30 . 2012-01-11 12:49 14001 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2009-07-29 02:30 . 2012-01-11 20:53 14001 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-01-11 12:50 . 2012-01-11 12:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-11 20:54 . 2012-01-12 02:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-11 20:54 . 2012-01-12 02:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-11 12:50 . 2012-01-11 12:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-11 20:52 . 2011-11-17 05:29 314880 c:\windows\winsxs\x86_microsoft-windows-webio_31bf3856ad364e35_6.1.7601.21861_none_5f423426563e2d4f\webio.dll
+ 2012-01-11 20:52 . 2011-11-17 05:35 314880 c:\windows\winsxs\x86_microsoft-windows-webio_31bf3856ad364e35_6.1.7601.17725_none_5ee7d8333cfc831d\webio.dll
+ 2012-01-11 20:52 . 2011-11-17 07:15 314368 c:\windows\winsxs\x86_microsoft-windows-webio_31bf3856ad364e35_6.1.7600.21092_none_5d3c3de2592f64a8\webio.dll
+ 2012-01-11 20:52 . 2011-11-17 05:39 314368 c:\windows\winsxs\x86_microsoft-windows-webio_31bf3856ad364e35_6.1.7600.16915_none_5d0c4b193fcdfb40\webio.dll
+ 2012-01-11 20:52 . 2011-11-17 05:29 224768 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.21861_none_246e4516cccdc994\schannel.dll
+ 2012-01-11 20:52 . 2011-11-17 05:34 224768 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7601.17725_none_2413e923b38c1f62\schannel.dll
+ 2012-01-11 20:52 . 2011-11-17 07:15 224768 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.21092_none_22684ed2cfbf00ed\schannel.dll
+ 2012-01-11 20:52 . 2011-11-17 05:39 224768 c:\windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.1.7600.16915_none_22385c09b65d9785\schannel.dll
+ 2012-01-11 20:52 . 2011-11-17 05:29 100352 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\sspicli.dll
+ 2012-01-11 20:52 . 2011-11-17 05:35 134000 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\ksecpkg.sys
+ 2012-01-11 20:52 . 2011-11-17 05:31 369352 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\cng.sys
+ 2012-01-11 20:52 . 2011-11-17 05:34 100352 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\sspicli.dll
+ 2012-01-11 20:52 . 2011-11-17 05:41 134000 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\ksecpkg.sys
+ 2012-01-11 20:52 . 2011-11-17 05:39 369352 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\cng.sys
+ 2012-01-11 20:52 . 2011-11-17 07:15 100352 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\sspicli.dll
+ 2012-01-11 20:52 . 2011-11-17 07:20 134000 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\ksecpkg.sys
+ 2012-01-11 20:52 . 2011-11-17 07:17 369352 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\cng.sys
+ 2012-01-11 20:52 . 2011-11-17 05:48 134000 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\ksecpkg.sys
+ 2012-01-11 20:52 . 2011-11-17 05:42 369352 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\cng.sys
+ 2010-09-28 18:58 . 2012-01-12 00:23 489218 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-01-11 20:52 . 2011-11-17 05:34 224768 c:\windows\System32\schannel.dll
- 2009-07-14 04:47 . 2012-01-11 12:49 492328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-01-11 20:53 492328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-11 20:52 . 2011-11-17 05:26 1038848 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsasrv.dll
+ 2012-01-11 20:52 . 2011-11-17 05:32 1038848 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsasrv.dll
+ 2012-01-11 20:52 . 2011-11-17 07:12 1037824 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsasrv.dll
+ 2012-01-11 20:52 . 2011-11-17 05:38 1037312 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsasrv.dll
- 2009-07-14 02:03 . 2011-12-14 09:54 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2012-01-11 20:53 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 04:34 . 2012-01-11 12:52 7116712 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2012-01-11 20:56 7116712 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-05-10 22:40 . 2012-01-11 12:49 6057256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-10 22:40 . 2012-01-11 20:53 6057256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-10-01 14:37 . 2012-01-11 18:47 7808228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-217525786-4203485839-1761426994-1003-12288.dat
- 2010-10-01 14:37 . 2012-01-11 01:58 7808228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-217525786-4203485839-1761426994-1003-12288.dat
+ 2011-05-11 07:10 . 2012-01-11 20:51 46579469 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin
+ 2010-12-19 01:09 . 2012-01-11 20:53 18960008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-217525786-4203485839-1761426994-1003-8192.dat
- 2010-12-19 01:09 . 2012-01-11 12:49 18960008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-217525786-4203485839-1761426994-1003-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 150552]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Energy Management]
2009-09-29 16:22 5064560 ----a-w- c:\program files\Lenovo\Energy Management\Energy Management.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-09-29 09:23 136176 ----atw- c:\users\eXtenZ\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2010-10-28 16:55 294912 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"Google Update"="c:\users\eXtenZ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"FTweakFCleaner"=c:\program files\FCleaner\FCleaner.exe -a
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz134;cpuz134;c:\users\eXtenZ\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2009-10-26 17408]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-29 1343400]
R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-29 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-05-11 99896]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-10-28 65536]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [2010-03-25 445496]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 171776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-217525786-4203485839-1761426994-1003Core.job
- c:\users\eXtenZ\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 09:23]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-217525786-4203485839-1761426994-1003UA.job
- c:\users\eXtenZ\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-29 09:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 146.102.167.167 146.102.16.1 146.102.16.2
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\eXtenZ\AppData\Roaming\Mozilla\Firefox\Profiles\ewceyx04.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.sk
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3020)
c:\program files\Lenovo\Bluetooth Software\btmmhook.dll
c:\program files\Lenovo\Bluetooth Software\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Conexant\SAII\SmartAudio.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\Bluetooth Software\BtStackServer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2012-01-12 03:19:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-12 02:18
ComboFix2.txt 2012-01-11 20:46
ComboFix3.txt 2012-01-11 18:45
.
Pre-Run: Volných bajtů: 166 577 135 616
Post-Run: Volných bajtů: 166 317 023 232
.
- - End Of File - - 9D03F87793474D7F8349E4ABF2D78600

Re: Preventive check + problem

Posted: 12 Jan 2012 19:22
by Rudy
The log now looks clean.

Re: Preventive check + problem

Posted: 12 Jan 2012 22:51
by eXtenZ1
And the problem with the administrator rights? How could I solve it? Though so far it has not happened to me since yesterday.

Thank you

Re: Preventive check + problem

Posted: 13 Jan 2012 19:38
by Rudy
eXtenZ1 wrote: And the problem with the administrator rights? How could I solve it? Though so far it has not happened to me since yesterday.

Thank you
If the permissions problem has not happened to you again, there is nothing to solve. Or am I misunderstanding?

Re: Preventive check + problem

Posted: 15 Jan 2012 16:50
by eXtenZ1
Unfortunately, the permissions problem happened to me again, but this time in a different folder; I had to allow it manually.

Re: Preventive check + problem

Posted: 15 Jan 2012 18:14
by Rudy
Run an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 and post the log.

Re: Preventive check + problem

Posted: 16 Jan 2012 05:50
by eXtenZ1
I ran the scan; it took about 2 hours, but it did not show me any log to save. That is, at the final step it found no threats, so I could not click "save".

Thank you