VIRY.CZ

Včera se mi "povedlo" spustit virus ze skype, který poškozuje externí úložiště, u mě konkrétně 1TB externí disk.
Soubory se mi povedlo zachránit (nyní je mám na pevném disku), ale při znovuzkopírování na externí disk se stále nezobrazují.
(Celý skype virus údajně není o tom, že soubory, ale jen info o jejich úložišti.)
Disk se tváří jakože má obsah (přesně ta velikost, jaká by měla být), dokonce lze obsah používat (v programech, které ukládají dříve použité soubory), ale v průzkumníku ten obsah nevidím.

Velice děkuji za pomoc.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Weruska at 2012-10-09 21:44:50
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 544 GB (59%) free of 928 GB
Total RAM: 8155 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:45:45, on 9.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\UMonit.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
C:\Users\Weruska\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Program Files\trend micro\Weruska.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 67.221.174.30 tagged.com
O1 - Hosts: 204.9.178.11 typepad.com
O1 - Hosts: 74.113.152.32 istockphoto.com
O1 - Hosts: 208.94.0.38 yfrog.com
O1 - Hosts: 63.309.5.102 virustotal.com
O1 - Hosts: 123.125.50.22 126.com
O1 - Hosts: 74.208.73.101 qvc.com
O1 - Hosts: 174.36.28.11 SlideShare.com
O1 - Hosts: 213.238.60.190 xing.com
O1 - Hosts: 59.106.98.139 seesaa.net
O1 - Hosts: 184.72.253.170 hootsuite.com
O1 - Hosts: 211.151.146.16 soku.com
O1 - Hosts: 72.32.120.222 metacafe.com
O1 - Hosts: 9.105.6.98 bitdefender.com
O1 - Hosts: 204.11.109.133 tribalfusion.com
O1 - Hosts: 207.154.14.31tripadvisor.com
O1 - Hosts: 216.52.240.133 ustream.tv
O1 - Hosts: 174.36.244.132 linkwithin.com
O1 - Hosts: 121.67.203.61 scan.novirusthanks.org
O1 - Hosts: 209.172.34.139 imagevenue.com
O1 - Hosts: 91.206.232.220 booking.com
O1 - Hosts: 118.69.251.6 vnexpress.net
O1 - Hosts: 103.67.101.13 trendmicro.com
O1 - Hosts: 208.85.40.80 pandora.com
O1 - Hosts: 194.116.241.57 softonic.com
O1 - Hosts: 208.83.243.15 match.com202.57.69.84 nwt.com
O1 - Hosts: 65.11.53.80 nttnavi.com
O1 - Hosts: 72.51.41.235 nrk.no
O1 - Hosts: 110.16.19.157 nozonedata.com
O1 - Hosts: 76.106.43.251 nachtagenten.com
O1 - Hosts: 195.82.124.124 musicmatch.com
O1 - Hosts: 70.52.56.163 moscowtimes.com
O1 - Hosts: 174.36.28.11 SlideShare.com
O1 - Hosts: 61.178.63.198 mgd.com
O1 - Hosts: 174.142.24.205 mediastorm.hu
O1 - Hosts: 38.113.207.59 media-servers.com
O1 - Hosts: 116.66.206.161 m5prod.com
O1 - Hosts: 74.175.65.66 lupa.com
O1 - Hosts: 207.200.66.53 liveintercom.com
O1 - Hosts: 71.96.135.20 keenspace.com
O1 - Hosts: 202.51.107.37 jetsoftware.com
O1 - Hosts: 60.251.54.208 jamba.com
O1 - Hosts: 222.161.3.133 ir.com
O1 - Hosts: 200.24.227.170 investopedia.com
O1 - Hosts: 202.149.24.216 choiceradio.com
O1 - Hosts: 91.206.232.220 booking.com
O1 - Hosts: 118.69.251.6 vnexpress.net
O1 - Hosts: 141.76.45.18 chip.com
O1 - Hosts: 128.006.192.15 redv.net
O1 - Hosts: 194.42.17.124 cgi.com
O1 - Hosts: 199.26.254.66 centcomm.com
O1 - Hosts: 202.149.24.216 digitallook.com
O1 - Hosts: 60.251.189.134 domainfactory.com
O1 - Hosts: 222.161.3.133 dvdfocomm.nu
O1 - Hosts: 157.95.56.15 e-kolay.com
O1 - Hosts: 85.249.23.115 eurosport.com
O1 - Hosts: 189.104.149.61 f1cd.com
O1 - Hosts: 125.162.92.234 free6.com
O1 - Hosts: 80.81.159.20 cdmworldsoftware.com
O1 - Hosts: 117.102.101.219 grafika.com
O1 - Hosts: 85.249.23.115 adware-delete.com
O1 - Hosts: 69.89.22.135 hbv.com
O1 - Hosts: 92.48.201.39 protectorsuite.com
O1 - Hosts: 128.31.1.16 howstuffworks.com
O1 - Hosts: 132.239.17.2 httpool.com
O1 - Hosts: 85.249.23.117 hyena.com
O1 - Hosts: 219.139.158.59 iinfo.com67.221.174.30 tagged.com
O1 - Hosts: 204.9.178.11 typepad.com
O1 - Hosts: 74.113.152.32 istockphoto.com
O1 - Hosts: 208.94.0.38 yfrog.com
O1 - Hosts: 63.309.5.102 virustotal.com
O1 - Hosts: 123.125.50.22 126.com
O1 - Hosts: 74.208.73.101 qvc.com
O1 - Hosts: 174.36.28.11 SlideShare.com
O1 - Hosts: 213.238.60.190 xing.com
O1 - Hosts: 59.106.98.139 seesaa.net
O1 - Hosts: 184.72.253.170 hootsuite.com
O1 - Hosts: 211.151.146.16 soku.com
O1 - Hosts: 72.32.120.222 metacafe.com
O1 - Hosts: 9.105.6.98 bitdefender.com
O1 - Hosts: 204.11.109.133 tribalfusion.com
O1 - Hosts: 207.154.14.31tripadvisor.com
O1 - Hosts: 216.52.240.133 ustream.tv
O1 - Hosts: 174.36.244.132 linkwithin.com
O1 - Hosts: 121.67.203.61 scan.novirusthanks.org
O1 - Hosts: 209.172.34.139 imagevenue.com
O1 - Hosts: 91.206.232.220 booking.com
O1 - Hosts: 118.69.251.6 vnexpress.net
O1 - Hosts: 103.67.101.13 trendmicro.com
O1 - Hosts: 208.85.40.80 pandora.com
O1 - Hosts: 194.116.241.57 softonic.com
O1 - Hosts: 208.83.243.15 match.com202.57.69.84 nwt.com
O1 - Hosts: 65.11.53.80 nttnavi.com
O1 - Hosts: 72.51.41.235 nrk.no
O1 - Hosts: 110.16.19.157 nozonedata.com
O1 - Hosts: 76.106.43.251 nachtagenten.com
O1 - Hosts: 195.82.124.124 musicmatch.com
O1 - Hosts: 70.52.56.163 moscowtimes.com
O1 - Hosts: 174.36.28.11 SlideShare.com
O1 - Hosts: 61.178.63.198 mgd.com
O1 - Hosts: 174.142.24.205 mediastorm.hu
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121004094746.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe
O4 - HKLM\..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [ModeSwitch] "C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe" /AutoRun
O4 - HKLM\..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1
O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
O4 - HKLM\..\Run: [SetDefaultSCR] C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe
O4 - HKLM\..\Run: [ScreenManager Pro for LCD (DDCCI)] C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
O4 - HKLM\..\Run: [Nástroj WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
O4 - HKLM\..\Run: [Nástroj WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Qvjijy] C:\Users\Weruska\AppData\Roaming\Qvjijy.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Weruska\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: EIZO ScreenSlicer.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LenovoCOMService (LenovoCOMSvc) - Lenovo - C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe
O23 - Service: LitModeCtrl - Lenovo - C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: WD Rules (WDRulesService) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17795 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
C:\Windows\jmesoft\Service.exe
"C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe"
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc
"C:\Windows\system32\mfevtps.exe"
C:\Windows\SysWOW64\nlssrv32.exe
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\x64\saHook.dll", saHooker_Initialize_and_Wait
"C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
"C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe"
"C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe"
WLIDSvcM.exe 2504
"C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\SysWOW64\UMonit.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Windows\jmesoft\hotkey.exe"
"C:\Windows\jmesoft\JME_LOAD.exe"
"C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe"
"C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
"C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe"
"C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe"
"C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe"
"C:\Users\Weruska\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4992 CREDAT:203009
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -Embedding
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files\Lenovo\LVT\LVT.exe" 1
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"taskhost.exe"
"C:\Program Files\mcafee.com\agent\mcagent.exe" /shRequest
"C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\mcafee\VirusScan\mcods.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=7568.6af7210.1735728442 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 7568 "\\.\pipe\gecko-crash-server-pipe.7568" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe" --proxy-stub-channel=Flash4516.5F9EF168.41 --host-broker-channel=Flash4516.5F9EF168.18467 --host-pid=4516 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe" --channel=5164.005FF178.950616661 --proxy-stub-channel=Flash4516.5F9EF168.41 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll" --host-npapi-version=27 --type=renderer
"C:\Users\Weruska\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Weruska\AppData\Roaming\Mozilla\Firefox\Profiles\uc2czary.default

prefs.js - "browser.search.useDBForOrder" - true

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.278 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10]
"Description"=McAfee Total Protection MIME Plugin
"Path"=c:\progra~2\mcafee\msc\npmcsn~1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/SAFFPlugin]
"Description"=
"Path"=C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.278 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10]
"Description"=McAfee Total Protection MIME Plugin
"Path"=c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Weruska\AppData\Roaming\Mozilla\Firefox\Profiles\uc2czary.default\extensions\
cs@dictionaries.addons.mozilla.org
en-GB@dictionaries.addons.mozilla.org
en-US@dictionaries.addons.mozilla.org
{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}

C:\Users\Weruska\AppData\Roaming\Mozilla\Firefox\Profiles\uc2czary.default\searchplugins\
slovnk-czen.xml
youtube.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121004094746.dll [2012-05-25 94720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2012-06-21 322344]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121004094746.dll [2012-05-25 79776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2012-06-21 261568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2012-06-21 322344]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2012-06-21 261568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-09-05 12850792]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [2011-12-06 214312]
"UMonit"=C:\Windows\SysWOW64\UMonit.exe [2011-05-25 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13 17418928]
"Qvjijy"=C:\Users\Weruska\AppData\Roaming\Qvjijy.exe [2012-10-09 1286144]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-05-20 284440]
"jmekey"=C:\Windows\jmesoft\hotkey.exe [2011-06-08 118784]
"jmesoft"=C:\Windows\jmesoft\ServiceLoader.exe [2011-03-16 28672]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2012-03-21 1675160]
"ModeSwitch"=C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [2011-12-20 712192]
"LVT"=C:\Program Files\Lenovo\LVT\LJYZ.exe [2011-11-24 886112]
"Lenovo Registration"=C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [2011-07-14 4351712]
"SetDefaultSCR"=C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe [2009-12-31 102400]
"ScreenManager Pro for LCD (DDCCI)"=C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe [2011-06-15 4875632]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [2011-12-06 214312]
"CLMLServer"=C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [2009-12-04 103720]
"UpdateP2GoShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2011-12-06 214312]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"WD Drive Unlocker"=C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe []
"Nástroj WD Drive Unlocker"=C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [2012-06-13 1688008]
"Nástroj WD Quick View"=C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [2012-06-14 5235128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
EIZO ScreenSlicer.lnk - C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe

C:\Users\Weruska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Weruska\AppData\Roaming\Dropbox\bin\Dropbox.exe
MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0x00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-10-09 21:44:51 ----D---- C:\Program Files\trend micro
2012-10-09 21:44:50 ----D---- C:\rsit
2012-10-09 19:31:33 ----A---- C:\Users\Weruska\AppData\Roaming\Qvjijy.exe
2012-10-09 18:31:00 ----A---- C:\Users\Weruska\AppData\Roaming\5857.exe
2012-10-09 16:28:15 ----A---- C:\Users\Weruska\AppData\Roaming\F6D4.exe
2012-10-09 14:09:34 ----A---- C:\Users\Weruska\AppData\Roaming\1814.exe
2012-10-09 14:09:07 ----A---- C:\Users\Weruska\AppData\Roaming\9522.exe
2012-10-09 13:46:33 ----A---- C:\Users\Weruska\AppData\Roaming\657.exe
2012-10-09 13:23:33 ----A---- C:\Users\Weruska\AppData\Roaming\F880.exe
2012-10-09 13:00:32 ----A---- C:\Users\Weruska\AppData\Roaming\E7FB.exe
2012-10-09 12:41:46 ----D---- C:\Program Files\R
2012-10-09 12:37:32 ----A---- C:\Users\Weruska\AppData\Roaming\D6E9.exe
2012-10-09 12:37:29 ----D---- C:\ProgramData\VirtualizedApplications
2012-10-09 12:23:43 ----A---- C:\Users\Weruska\AppData\Roaming\16EB.exe
2012-10-09 12:14:32 ----A---- C:\Users\Weruska\AppData\Roaming\C9AF.exe
2012-10-09 12:00:43 ----A---- C:\Users\Weruska\AppData\Roaming\721.exe
2012-10-09 11:51:32 ----A---- C:\Users\Weruska\AppData\Roaming\BAB0.exe
2012-10-09 11:37:52 ----A---- C:\Users\Weruska\AppData\Roaming\1DDA.exe
2012-10-09 11:28:32 ----A---- C:\Users\Weruska\AppData\Roaming\AB53.exe
2012-10-09 11:14:43 ----A---- C:\Users\Weruska\AppData\Roaming\EC00.exe
2012-10-09 11:05:32 ----A---- C:\Users\Weruska\AppData\Roaming\9E47.exe
2012-10-09 10:51:51 ----A---- C:\Users\Weruska\AppData\Roaming\FA31.exe
2012-10-09 10:44:44 ----A---- C:\Users\Weruska\AppData\Roaming\9090.exe
2012-10-09 10:28:43 ----A---- C:\Users\Weruska\AppData\Roaming\CBFF.exe
2012-10-09 10:26:58 ----D---- C:\Users\Weruska\AppData\Roaming\SoftGrid Client
2012-10-09 10:26:25 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-10-09 10:26:20 ----D---- C:\Program Files\Microsoft Office
2012-10-09 10:26:20 ----D---- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-10-09 10:26:13 ----D---- C:\Users\Weruska\AppData\Roaming\TP
2012-10-09 10:19:32 ----A---- C:\Users\Weruska\AppData\Roaming\7FBD.exe
2012-10-09 10:05:49 ----A---- C:\Users\Weruska\AppData\Roaming\F27B.exe
2012-10-09 10:05:42 ----A---- C:\Users\Weruska\AppData\Roaming\BC45.exe
2012-10-09 09:40:02 ----A---- C:\Users\Weruska\AppData\Roaming\3BEE.exe
2012-10-09 09:17:15 ----A---- C:\Users\Weruska\AppData\Roaming\5F35.exe
2012-10-09 08:55:42 ----A---- C:\Users\Weruska\AppData\Roaming\A2D7.exe
2012-10-09 08:32:16 ----A---- C:\Users\Weruska\AppData\Roaming\2F4C.exe
2012-10-09 08:09:38 ----A---- C:\Users\Weruska\AppData\Roaming\7723.exe
2012-10-09 08:01:10 ----D---- C:\Program Files\Western Digital
2012-10-09 07:48:05 ----A---- C:\Users\Weruska\AppData\Roaming\BB33.exe
2012-10-09 07:25:20 ----A---- C:\Users\Weruska\AppData\Roaming\E879.exe
2012-10-08 23:35:57 ----A---- C:\Windows\system32\aswBoot.exe
2012-10-08 23:35:29 ----D---- C:\ProgramData\AVAST Software
2012-10-08 23:35:29 ----D---- C:\Program Files\AVAST Software
2012-10-08 23:13:59 ----HD---- C:\ProgramData\Common Files
2012-10-08 23:13:59 ----D---- C:\ProgramData\MFAData
2012-10-08 23:04:54 ----D---- C:\Program Files\Microsoft Silverlight
2012-10-08 23:04:54 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-10-08 19:25:12 ----D---- C:\Program Files\Recuva
2012-10-08 18:26:59 ----D---- C:\Program Files (x86)\Wondershare
2012-10-08 18:20:05 ----SHD---- C:\Config.Msi
2012-10-08 15:02:22 ----A---- C:\Users\Weruska\AppData\Roaming\73DD.exe
2012-10-08 14:55:33 ----A---- C:\Users\Weruska\AppData\Roaming\34E9.exe
2012-10-08 14:46:38 ----A---- C:\Users\Weruska\AppData\Roaming\A40.exe
2012-10-07 05:15:41 ----D---- C:\Program Files (x86)\MSECache
2012-10-04 23:39:59 ----HD---- C:\Program Files (x86)\Zero G Registry
2012-10-04 23:17:20 ----D---- C:\ProgramData\SafeNet Sentinel
2012-10-04 23:17:19 ----D---- C:\ProgramData\SPSS
2012-10-04 23:16:49 ----D---- C:\Program Files\Common Files\IBM
2012-10-04 23:16:26 ----D---- C:\Program Files\IBM
2012-10-04 23:16:23 ----A---- C:\Windows\SYSWOW64\sysprs7.dll
2012-10-04 23:16:23 ----A---- C:\Windows\SYSWOW64\lsprst7.dll
2012-10-04 23:13:15 ----D---- C:\Program Files (x86)\MagicDisc
2012-10-04 23:13:15 ----A---- C:\Windows\SYSWOW64\drivers\mcdbus.sys
2012-10-04 23:13:15 ----A---- C:\Windows\system32\drivers\mcdbus.sys
2012-10-04 23:10:38 ----D---- C:\Users\Weruska\AppData\Roaming\CyberLink
2012-10-04 22:13:45 ----D---- C:\Users\Weruska\AppData\Roaming\NVIDIA
2012-10-04 21:54:55 ----D---- C:\ProgramData\Nik Software
2012-10-04 21:54:53 ----D---- C:\Program Files\Nik Software
2012-10-04 21:42:25 ----D---- C:\Program Files (x86)\VS Revo Group
2012-10-04 20:51:48 ----D---- C:\ProgramData\ESTsoft
2012-10-04 20:51:46 ----D---- C:\Users\Weruska\AppData\Roaming\ESTsoft
2012-10-04 20:51:46 ----D---- C:\Program Files (x86)\ESTsoft
2012-10-04 20:24:55 ----D---- C:\Users\Weruska\AppData\Roaming\PhotoScape
2012-10-04 20:24:40 ----D---- C:\Program Files (x86)\PhotoScape
2012-10-04 19:47:26 ----D---- C:\Program Files\Microsoft Research
2012-10-04 09:34:44 ----D---- C:\Windows\SYSWOW64\Wat
2012-10-04 09:34:44 ----D---- C:\Windows\system32\Wat
2012-10-04 08:57:57 ----D---- C:\Users\Weruska\AppData\Roaming\Skype
2012-10-04 08:57:54 ----RD---- C:\Program Files (x86)\Skype
2012-10-04 08:57:52 ----D---- C:\ProgramData\Skype
2012-10-04 08:54:28 ----A---- C:\Windows\system32\browserchoice.exe
2012-10-04 08:51:19 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-10-04 08:51:19 ----A---- C:\Windows\SYSWOW64\url.dll
2012-10-04 08:51:19 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-10-04 08:51:19 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-10-04 08:51:19 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-10-04 08:51:19 ----A---- C:\Windows\system32\url.dll
2012-10-04 08:51:19 ----A---- C:\Windows\system32\mshtmled.dll
2012-10-04 08:51:19 ----A---- C:\Windows\system32\ieUnatt.exe
2012-10-04 08:51:19 ----A---- C:\Windows\system32\ieui.dll
2012-10-04 08:51:18 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-10-04 08:51:18 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-10-04 08:51:18 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-10-04 08:51:18 ----A---- C:\Windows\system32\wininet.dll
2012-10-04 08:51:18 ----A---- C:\Windows\system32\urlmon.dll
2012-10-04 08:51:18 ----A---- C:\Windows\system32\msfeeds.dll
2012-10-04 08:51:18 ----A---- C:\Windows\system32\jscript9.dll
2012-10-04 08:51:17 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-10-04 08:51:17 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-10-04 08:51:17 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-10-04 08:51:17 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-10-04 08:51:17 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-10-04 08:51:17 ----A---- C:\Windows\system32\vbscript.dll
2012-10-04 08:51:17 ----A---- C:\Windows\system32\jsproxy.dll
2012-10-04 08:51:17 ----A---- C:\Windows\system32\jscript.dll
2012-10-04 08:51:17 ----A---- C:\Windows\system32\iertutil.dll
2012-10-04 08:51:16 ----A---- C:\Windows\system32\mshtml.dll
2012-10-04 08:51:15 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-10-04 08:51:15 ----A---- C:\Windows\system32\ieframe.dll
2012-10-04 08:49:22 ----A---- C:\Windows\system32\MRT.exe
2012-10-04 08:47:02 ----A---- C:\Windows\SYSWOW64\wmi.dll
2012-10-04 08:47:02 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-10-04 08:47:02 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2012-10-04 08:47:02 ----A---- C:\Windows\system32\wmi.dll
2012-10-04 08:47:02 ----A---- C:\Windows\system32\wintrust.dll
2012-10-04 08:47:02 ----A---- C:\Windows\system32\imagehlp.dll
2012-10-04 08:47:02 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-10-04 08:26:29 ----A---- C:\Windows\system32\DWrite.dll
2012-10-04 08:26:28 ----A---- C:\Windows\SYSWOW64\srclient.dll
2012-10-04 08:26:28 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-10-04 08:26:28 ----A---- C:\Windows\system32\srcore.dll
2012-10-04 08:26:25 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2012-10-04 08:26:25 ----A---- C:\Windows\system32\poqexec.exe
2012-10-04 08:26:23 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-10-04 08:26:23 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2012-10-04 08:26:23 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-10-04 08:26:23 ----A---- C:\Windows\system32\msxml6.dll
2012-10-04 08:26:23 ----A---- C:\Windows\system32\msxml3r.dll
2012-10-04 08:26:23 ----A---- C:\Windows\system32\msxml3.dll
2012-10-04 08:26:22 ----A---- C:\Windows\system32\win32spl.dll
2012-10-04 08:26:21 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2012-10-04 08:26:21 ----A---- C:\Windows\system32\spoolsv.exe
2012-10-04 08:26:21 ----A---- C:\Windows\splwow64.exe
2012-10-04 08:26:19 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2012-10-04 08:26:19 ----A---- C:\Windows\system32\XpsPrint.dll
2012-10-04 08:26:18 ----A---- C:\Windows\system32\drivers\ndis.sys
2012-10-04 08:26:17 ----A---- C:\Windows\system32\shell32.dll
2012-10-04 08:26:17 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2012-10-04 08:26:16 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-10-04 08:26:16 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2012-10-04 08:26:16 ----A---- C:\Windows\system32\d3d10level9.dll
2012-10-04 08:26:15 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-10-04 08:26:15 ----A---- C:\Windows\system32\rdpwsx.dll
2012-10-04 08:26:15 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-10-04 08:26:14 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-10-04 08:26:14 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2012-10-04 08:26:14 ----A---- C:\Windows\system32\schannel.dll
2012-10-04 08:26:14 ----A---- C:\Windows\system32\ncrypt.dll
2012-10-04 08:26:14 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-10-04 08:26:14 ----A---- C:\Windows\system32\drivers\cng.sys
2012-10-04 08:26:13 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-10-04 08:26:13 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-10-04 08:26:13 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-10-04 08:26:12 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-10-04 08:26:12 ----A---- C:\Windows\system32\drivers\netio.sys
2012-10-04 08:26:12 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-10-04 08:26:08 ----A---- C:\Windows\system32\profsvc.dll
2012-10-04 08:26:07 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-10-04 08:26:07 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-10-04 08:26:06 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-10-04 08:26:05 ----A---- C:\Windows\system32\OxpsConverter.exe
2012-10-04 08:25:47 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-10-04 08:25:47 ----A---- C:\Windows\system32\drivers\partmgr.sys
2012-10-04 08:25:46 ----A---- C:\Windows\SYSWOW64\msi.dll
2012-10-04 08:25:46 ----A---- C:\Windows\system32\msi.dll
2012-10-04 08:25:44 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-10-04 08:25:44 ----A---- C:\Windows\system32\crypt32.dll
2012-10-04 08:25:43 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-10-04 08:25:43 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-10-04 08:25:43 ----A---- C:\Windows\system32\cryptsvc.dll
2012-10-04 08:25:43 ----A---- C:\Windows\system32\cryptnet.dll
2012-10-04 08:25:30 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2012-10-04 08:25:30 ----A---- C:\Windows\SYSWOW64\browcli.dll
2012-10-04 08:25:30 ----A---- C:\Windows\system32\netapi32.dll
2012-10-04 08:25:30 ----A---- C:\Windows\system32\browser.dll
2012-10-04 08:25:30 ----A---- C:\Windows\system32\browcli.dll
2012-10-04 08:25:22 ----A---- C:\Windows\system32\win32k.sys
2012-10-04 08:25:21 ----A---- C:\Windows\system32\localspl.dll
2012-10-04 08:25:17 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2012-10-04 08:25:15 ----A---- C:\Windows\system32\cdosys.dll
2012-10-03 23:28:40 ----D---- C:\Program Files (x86)\The KMPlayer
2012-10-03 23:28:15 ----D---- C:\ProgramData\Ask
2012-10-03 23:11:32 ----D---- C:\ProgramData\Western Digital
2012-10-03 23:11:22 ----D---- C:\Program Files (x86)\Western Digital
2012-10-03 23:03:14 ----D---- C:\Users\Weruska\AppData\Roaming\Macromedia
2012-10-03 23:03:01 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-10-03 22:59:13 ----D---- C:\Program Files (x86)\Adobe
2012-10-03 22:49:11 ----D---- C:\ProgramData\Adobe
2012-10-03 22:49:11 ----D---- C:\Program Files\Common Files\Adobe
2012-10-03 22:49:11 ----D---- C:\Program Files\Adobe
2012-10-03 22:47:30 ----HD---- C:\Lenovo
2012-10-03 22:19:40 ----D---- C:\Users\Weruska\AppData\Roaming\Dropbox
2012-10-03 22:17:22 ----D---- C:\Users\Weruska\AppData\Roaming\Mozilla
2012-10-03 22:17:17 ----D---- C:\ProgramData\Mozilla
2012-10-03 22:17:16 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-03 22:17:15 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-10-03 22:06:44 ----D---- C:\Templenovo
2012-10-03 22:02:41 ----D---- C:\ProgramData\CyberLink
2012-10-03 22:02:40 ----D---- C:\Program Files (x86)\Cyberlink
2012-10-03 21:52:34 ----D---- C:\Users\Weruska\AppData\Roaming\Adobe
2012-10-03 21:49:21 ----D---- C:\Users\Weruska\AppData\Roaming\EIZO
2012-10-03 21:48:37 ----D---- C:\ProgramData\EIZO
2012-10-03 21:48:37 ----D---- C:\Program Files (x86)\EIZO
2012-10-03 21:14:23 ----A---- C:\Windows\SYSWOW64\ustor.dll
2012-10-03 21:14:23 ----A---- C:\Windows\SYSWOW64\UMonit.exe
2012-10-03 21:14:23 ----A---- C:\Windows\system32\IconCfg0.ini
2012-10-03 21:14:23 ----A---- C:\Windows\system32\GeneIcon.dll
2012-10-03 21:14:19 ----A---- C:\Windows\SYSWOW64\ProductName.ini
2012-10-03 21:14:19 ----A---- C:\Windows\SYSWOW64\NoMSGuninstall.exe
2012-10-03 21:14:19 ----A---- C:\Windows\SYSWOW64\IconCfg0.ini
2012-10-03 21:14:19 ----A---- C:\Windows\system32\WdfCoInstaller01009.dll
2012-10-03 21:14:19 ----A---- C:\Windows\system32\drivers\GeneStor.sys
2012-10-03 21:10:45 ----D---- C:\ProgramData\Lenovo
2012-10-03 21:08:46 ----D---- C:\Users\Weruska\AppData\Roaming\InstallShield
2012-10-03 21:05:49 ----A---- C:\Windows\system32\wups2.dll
2012-10-03 21:05:49 ----A---- C:\Windows\system32\wucltux.dll
2012-10-03 21:05:49 ----A---- C:\Windows\system32\wuaueng.dll
2012-10-03 21:05:49 ----A---- C:\Windows\system32\wuauclt.exe
2012-10-03 21:05:37 ----A---- C:\Windows\system32\wups.dll
2012-10-03 21:05:37 ----A---- C:\Windows\system32\wudriver.dll
2012-10-03 21:05:37 ----A---- C:\Windows\system32\wuapi.dll
2012-10-03 21:05:33 ----A---- C:\Windows\system32\wuwebv.dll
2012-10-03 21:05:33 ----A---- C:\Windows\system32\wuapp.exe
2012-10-03 21:05:17 ----D---- C:\Users\Weruska\AppData\Roaming\Leadertech
2012-10-03 21:05:17 ----D---- C:\Users\Weruska\AppData\Roaming\Intel Corporation
2012-10-03 21:04:58 ----D---- C:\Users\Weruska\AppData\Roaming\Identities
2012-10-03 21:02:24 ----A---- C:\Windows\firstboot.dat
2012-10-03 21:02:15 ----SD---- C:\Users\Weruska\AppData\Roaming\Microsoft
2012-10-03 21:02:15 ----D---- C:\Users\Weruska\AppData\Roaming\Media Center Programs
2012-10-03 21:01:15 ----SHD---- C:\Recovery

======List of files/folders modified in the last 1 month======

2012-10-09 21:45:07 ----D---- C:\Windows\Prefetch
2012-10-09 21:44:54 ----D---- C:\Windows\Temp
2012-10-09 21:44:51 ----RD---- C:\Program Files
2012-10-09 15:18:36 ----D---- C:\Windows\system32\config
2012-10-09 12:37:29 ----HD---- C:\ProgramData
2012-10-09 10:26:34 ----SD---- C:\ProgramData\Microsoft
2012-10-09 10:26:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-10-09 10:26:21 ----D---- C:\Program Files (x86)\Microsoft Office
2012-10-09 08:01:25 ----D---- C:\Windows\system32\catroot
2012-10-08 23:39:46 ----AD---- C:\Windows
2012-10-08 18:27:15 ----D---- C:\Windows\inf
2012-10-08 18:27:15 ----AD---- C:\Windows\System32
2012-10-08 18:27:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-10-08 18:27:07 ----D---- C:\Program Files (x86)\Common Files
2012-10-08 18:27:02 ----HD---- C:\Program Files (x86)\Temp
2012-10-08 18:26:59 ----RD---- C:\Program Files (x86)
2012-10-08 18:23:53 ----A---- C:\Windows\SYSWOW64\log.txt
2012-10-08 18:22:01 ----D---- C:\Windows\system32\Tasks
2012-10-08 18:20:21 ----SHD---- C:\Windows\Installer
2012-10-08 18:20:15 ----D---- C:\Windows\system32\drivers
2012-10-08 18:20:12 ----D---- C:\Windows\SysWOW64
2012-10-08 18:19:55 ----SHD---- C:\System Volume Information
2012-10-08 18:10:16 ----D---- C:\Windows\winsxs
2012-10-06 02:15:38 ----D---- C:\Windows\system32\catroot2
2012-10-06 00:19:43 ----D---- C:\Windows\rescache
2012-10-05 08:41:02 ----D---- C:\Windows\SYSWOW64\winrm
2012-10-05 08:41:02 ----D---- C:\Windows\SYSWOW64\slmgr
2012-10-05 08:41:02 ----D---- C:\Windows\SYSWOW64\sk-SK
2012-10-05 08:41:02 ----D---- C:\Windows\SYSWOW64\migwiz
2012-10-05 08:41:02 ----D---- C:\Windows\SYSWOW64\en
2012-10-05 08:41:02 ----D---- C:\Windows\servicing
2012-10-05 08:41:02 ----D---- C:\Windows\ehome
2012-10-05 08:41:02 ----D---- C:\Program Files\Windows Sidebar
2012-10-05 08:41:02 ----D---- C:\Program Files\Windows Photo Viewer
2012-10-05 08:41:02 ----D---- C:\Program Files\Windows Media Player
2012-10-05 08:41:02 ----D---- C:\Program Files\Windows Mail
2012-10-05 08:41:02 ----D---- C:\Program Files\Windows Journal
2012-10-05 08:41:02 ----D---- C:\Program Files\Windows Defender
2012-10-05 08:41:02 ----D---- C:\Program Files\Common Files\System
2012-10-05 08:41:02 ----D---- C:\Program Files (x86)\Windows Sidebar
2012-10-05 08:41:02 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2012-10-05 08:41:02 ----D---- C:\Program Files (x86)\Windows Media Player
2012-10-05 08:41:02 ----D---- C:\Program Files (x86)\Windows Mail
2012-10-05 08:41:02 ----D---- C:\Program Files (x86)\Windows Defender
2012-10-05 08:41:01 ----D---- C:\Windows\SYSWOW64\WCN
2012-10-05 08:41:01 ----D---- C:\Windows\SYSWOW64\Printing_Admin_Scripts
2012-10-05 08:41:01 ----D---- C:\Windows\SYSWOW64\en-US
2012-10-05 08:41:01 ----D---- C:\Windows\SYSWOW64\DriverStore
2012-10-05 08:41:01 ----D---- C:\Windows\SYSWOW64\drivers\en-US
2012-10-05 08:41:01 ----D---- C:\Windows\SYSWOW64\drivers
2012-10-05 08:41:01 ----D---- C:\Windows\SYSWOW64\Dism
2012-10-05 08:41:00 ----D---- C:\Windows\system32\winrm
2012-10-05 08:41:00 ----D---- C:\Windows\system32\sysprep
2012-10-05 08:41:00 ----D---- C:\Windows\system32\slmgr
2012-10-05 08:41:00 ----D---- C:\Windows\system32\sk-SK
2012-10-05 08:41:00 ----D---- C:\Windows\system32\migwiz
2012-10-05 08:41:00 ----D---- C:\Windows\system32\en
2012-10-05 08:41:00 ----D---- C:\Windows\system32\Boot
2012-10-05 08:41:00 ----D---- C:\Windows\en-US
2012-10-05 08:41:00 ----AD---- C:\Windows\system32\oobe
2012-10-05 08:40:59 ----D---- C:\Windows\system32\en-US
2012-10-05 08:40:58 ----D---- C:\Windows\system32\drivers\en-US
2012-10-05 08:40:57 ----D---- C:\Windows\system32\WCN
2012-10-05 08:40:57 ----D---- C:\Windows\system32\DriverStore
2012-10-05 08:40:57 ----D---- C:\Windows\system32\Dism
2012-10-05 08:40:54 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2012-10-05 08:40:52 ----D---- C:\Program Files\DVD Maker
2012-10-05 08:40:49 ----D---- C:\Windows\Speech
2012-10-05 02:58:30 ----D---- C:\Windows\Microsoft.NET
2012-10-05 02:58:29 ----RSD---- C:\Windows\assembly
2012-10-05 02:42:12 ----D---- C:\ProgramData\Partner
2012-10-05 02:42:12 ----D---- C:\Program Files\Google
2012-10-05 02:42:12 ----D---- C:\Program Files (x86)\Google
2012-10-04 23:16:49 ----D---- C:\Program Files\Common Files
2012-10-04 21:08:59 ----D---- C:\Windows\system32\drivers\etc
2012-10-04 20:51:46 ----D---- C:\Windows\Resources
2012-10-04 19:36:00 ----D---- C:\Windows\system32\NDF
2012-10-04 09:38:16 ----D---- C:\Windows\system32\wdi
2012-10-04 09:34:47 ----RSD---- C:\Windows\Fonts
2012-10-04 09:34:43 ----D---- C:\Windows\SYSWOW64\migration
2012-10-04 09:34:43 ----D---- C:\Windows\system32\migration
2012-10-04 09:34:43 ----D---- C:\Program Files\Internet Explorer
2012-10-04 09:34:43 ----D---- C:\Program Files (x86)\Internet Explorer
2012-10-04 09:34:40 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-10-04 09:34:40 ----D---- C:\Windows\system32\cs-CZ
2012-10-04 08:49:22 ----D---- C:\Windows\debug
2012-10-04 08:45:13 ----D---- C:\Windows\SoftwareDistribution
2012-10-03 23:03:09 ----D---- C:\Windows\Tasks
2012-10-03 22:10:52 ----D---- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
2012-10-03 22:10:06 ----D---- C:\Program Files (x86)\Intel
2012-10-03 22:09:39 ----D---- C:\Program Files (x86)\Realtek
2012-10-03 22:09:14 ----D---- C:\Windows\SYSWOW64\RTCOM
2012-10-03 22:08:38 ----D---- C:\Windows\Logs
2012-10-03 22:08:27 ----D---- C:\ProgramData\NVIDIA
2012-10-03 21:31:03 ----D---- C:\Windows\Panther
2012-10-03 21:30:56 ----D---- C:\ProgramData\McAfee
2012-10-03 21:15:21 ----D---- C:\Windows\system32\LogFiles
2012-10-03 21:14:54 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-10-03 21:05:15 ----D---- C:\Windows\system32\restore
2012-10-03 21:04:55 ----SHD---- C:\$Recycle.Bin
2012-10-03 21:02:15 ----AD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-05-20 557848]
R0 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2012-02-22 647208]
R0 mfewfpk;McAfee Inc. mfewfpk; C:\Windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2012-06-08 213888]
R1 mfenlfk;McAfee NDIS Light Filter; C:\Windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 cfwids;McAfee Inc. cfwids; C:\Windows\system32\drivers\cfwids.sys [2012-02-22 65264]
R3 GeneStor;Genesys Logic Storage Driver; C:\Windows\system32\DRIVERS\GeneStor.sys [2011-05-18 58368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-09-06 3074536]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [2012-02-22 160792]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2012-02-22 229528]
R3 mfefirek;McAfee Inc. mfefirek; C:\Windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
R3 mferkdet;McAfee Inc. mferkdet; C:\Windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\Windows\system32\DRIVERS\rtl8192Ce.sys [2011-12-03 874088]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2011-12-16 14464]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 mfeavfk01;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk01.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0); C:\Windows\system32\drivers\rusb3hub.sys [2011-11-21 101376]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0); C:\Windows\system32\drivers\rusb3xhc.sys [2011-11-21 217088]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 wsvd;wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-09 607456]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
R2 JME Keyboard;JME Keyboard Driver; C:\Windows\jmesoft\Service.exe [2011-03-16 32768]
R2 LenovoCOMSvc;LenovoCOMService; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [2011-11-05 37888]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-12-16 277784]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2012-05-25 199304]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Windows\system32\mfevtps.exe [2012-05-25 162224]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\nlssrv32.exe [2012-07-13 66560]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-03-02 889664]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
R2 WDBackup;WD Backup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-06-14 1151424]
R2 WDDriveService;WD Drive Manager; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-06-13 248248]
R2 WDRulesService;WD Rules; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-06-14 1177536]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 LitModeCtrl;LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [2011-11-07 101888]
R3 McODS;McAfee Scanner; C:\Program Files\mcafee\VirusScan\mcods.exe [2011-03-17 501768]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-08 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-08 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-06-08 182768]
S3 McAWFwk;McAfee Activation Service; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-04 1255736]
S4 McOobeSv;McAfee OOBE Service; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

Zdravim

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
Spustte a kliknete na Deletion
Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Search
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

Doufám, že stačí připojit jen ty flash/disky, co byly v PC od té doby, co byl nakažen...? Nebo vážně všechny, které mám?

USBFix

############################## | UsbFix 7.059 | [Research]

User: Weruska (Administrator) # WERUSKA-PC [LENOVO IdeaCentre K410]
Updated 16/09/2011 by El Desaparecido
Started at 21:55:53 | 09/10/2012
Website: http://eldesaparecido.com
Submit your sample: http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

CPU: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
CPU 2: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
Internet Explorer 9.0.8112.16421

Windows Firewall: Enabled
RAM -> 8155 Mb
C:\ (%systemdrive%) -> Fixed drive # 906 Gb (531 Mb free - 59%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Fixed drive # 931 Gb (662 Mb free - 71%) [My Passport] # NTFS
G:\ -> CD-ROM

################## | Files # Infected Folders |

Found ! C:\Users\Weruska\AppData\Roaming\16EB.exe
Found ! C:\Users\Weruska\AppData\Roaming\1814.exe
Found ! C:\Users\Weruska\AppData\Roaming\1DDA.exe
Found ! C:\Users\Weruska\AppData\Roaming\2F4C.exe
Found ! C:\Users\Weruska\AppData\Roaming\34E9.exe
Found ! C:\Users\Weruska\AppData\Roaming\3BEE.exe
Found ! C:\Users\Weruska\AppData\Roaming\5857.exe
Found ! C:\Users\Weruska\AppData\Roaming\5F35.exe
Found ! C:\Users\Weruska\AppData\Roaming\657.exe
Found ! C:\Users\Weruska\AppData\Roaming\721.exe
Found ! C:\Users\Weruska\AppData\Roaming\73DD.exe
Found ! C:\Users\Weruska\AppData\Roaming\7723.exe
Found ! C:\Users\Weruska\AppData\Roaming\7FBD.exe
Found ! C:\Users\Weruska\AppData\Roaming\9090.exe
Found ! C:\Users\Weruska\AppData\Roaming\9522.exe
Found ! C:\Users\Weruska\AppData\Roaming\9E47.exe
Found ! C:\Users\Weruska\AppData\Roaming\A2D7.exe
Found ! C:\Users\Weruska\AppData\Roaming\A40.exe
Found ! C:\Users\Weruska\AppData\Roaming\AB53.exe
Found ! C:\Users\Weruska\AppData\Roaming\BAB0.exe
Found ! C:\Users\Weruska\AppData\Roaming\BB33.exe
Found ! C:\Users\Weruska\AppData\Roaming\BC45.exe
Found ! C:\Users\Weruska\AppData\Roaming\C9AF.exe
Found ! C:\Users\Weruska\AppData\Roaming\CBFF.exe
Found ! C:\Users\Weruska\AppData\Roaming\D6E9.exe
Found ! C:\Users\Weruska\AppData\Roaming\E7FB.exe
Found ! C:\Users\Weruska\AppData\Roaming\E879.exe
Found ! C:\Users\Weruska\AppData\Roaming\EC00.exe
Found ! C:\Users\Weruska\AppData\Roaming\F27B.exe
Found ! C:\Users\Weruska\AppData\Roaming\F6D4.exe
Found ! C:\Users\Weruska\AppData\Roaming\F880.exe
Found ! C:\Users\Weruska\AppData\Roaming\FA31.exe
Found ! C:\Users\Weruska\AppData\Roaming\Qvjijy.exe
Found ! D:\autorun.inf
Found ! F:\Recycler\desktop.ini
Found ! F:\RECYCLER\S-1-5-21-1471234077-2257241897-4080789321-1006

################## | Registry |

Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Qvjijy
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRun

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{3df9cdcf-b1af-11e1-a6d7-806e6f6e6963}
Shell\AutoRun\Command = E:\Launcher.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{63cb657f-0d98-11e2-a783-eca86b85401a}
Shell\AutoRun\Command = "D:\WD Drive Unlock.exe" autoplay=true

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |

AdwCleaner

# AdwCleaner v2.004 - Logfile created 10/09/2012 at 22:11:43
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Weruska - WERUSKA-PC
# Boot Mode : Normal
# Running from : C:\Users\Weruska\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Partner

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-1024693058-3445590600-3067334273-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (cs)

Profile name : default
File : C:\Users\Weruska\AppData\Roaming\Mozilla\Firefox\Profiles\uc2czary.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Weruska\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1418 octets] - [09/10/2012 22:11:43]

########## EOF - C:\AdwCleaner[R1].txt - [1478 octets] ##########

Staci ty nakazene USBecka...ale udelal jste to chybne, takze je znovu zapojte a kliknete na Deletion, log pak opet sem

Snad tentokrát lépe... jen poznámka, že USBFix chvílema byl ve stavu [Neodpovídá] a log nevyskočil, musela jsem ho dohledat.
Složky na disku jsou ale zpátky a soubory zdá se taky.

############################## | UsbFix 7.059 | [Deletion]

User: Weruska (Administrator) # WERUSKA-PC [LENOVO IdeaCentre K410]
Updated 16/09/2011 by El Desaparecido
Started at 11:27:50 | 10/10/2012
Website: http://eldesaparecido.com
Submit your sample: http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

CPU: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
CPU 2: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
Internet Explorer 9.0.8112.16421

Windows Firewall: Enabled
RAM -> 8155 Mb
C:\ (%systemdrive%) -> Fixed drive # 906 Gb (527 Mb free - 58%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Fixed drive # 931 Gb (662 Mb free - 71%) [My Passport] # NTFS
G:\ -> CD-ROM

################## | Files # Infected Folders |

Deleted ! C:\Users\Weruska\AppData\Roaming\16EB.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\1814.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\186.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\1DDA.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\1F72.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\243B.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\2F4C.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\34E9.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\3BEE.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\4CBF.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\5068.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\5857.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\5A7.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\5EDA.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\5F35.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\657.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\6B79.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\721.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\73DD.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\7723.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\79F1.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\7A09.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\7FBD.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\8828.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\9090.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\9522.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\9E47.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\A2D7.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\A40.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\A5CE.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\AB53.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\B3FE.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\BAB0.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\BB33.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\BC00.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\BC45.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\C998.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\C9AF.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\CBFF.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\D26F.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\D6E9.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\E7FB.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\E879.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\EC00.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\F27B.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\F6D4.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\F880.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\FA31.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\FD56.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\Host.exe
Deleted ! C:\Users\Weruska\AppData\Roaming\Qvjijy.exe
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-1024693058-3445590600-3067334273-1001
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-1024693058-3445590600-3067334273-500
Deleted ! F:\$RECYCLE.BIN\S-1-5-21-1024693058-3445590600-3067334273-1001
Deleted ! F:\$RECYCLE.BIN\S-1-5-21-2144605907-3712647749-1834087114-1000
Deleted ! F:\$RECYCLE.BIN\S-1-5-21-2284040137-2994389258-4217908179-1000
Deleted ! F:\$RECYCLE.BIN\S-1-5-21-2740757872-397542857-3819901686-1000
Deleted ! F:\$RECYCLE.BIN\S-1-5-21-3468272962-3156370194-2324628343-1001
Deleted ! F:\Recycler\S-1-5-21-1471234077-2257241897-4080789321-1006
Not deleted ! D:\autorun.inf
Deleted ! F:\Recycler\desktop.ini

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Host
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Qvjijy
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRun

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{3df9cdcf-b1af-11e1-a6d7-806e6f6e6963}

################## | Listing |

[10/10/2012 - 11:34:19 | SHD ] C:\$Recycle.Bin
[09/10/2012 - 22:11:46 | N | 1543] C:\AdwCleaner[R1].txt
[24/02/2011 - 19:03:40 | D ] C:\Boot
[21/11/2010 - 05:23:51 | RASH | 383786] C:\bootmgr
[24/02/2011 - 19:03:41 | N | 8192] C:\BOOTSECT.BAK
[08/10/2012 - 18:21:20 | D ] C:\Config.Msi
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[10/10/2012 - 09:56:18 | ASH | 6413246464] C:\hiberfil.sys
[08/06/2012 - 23:14:12 | D ] C:\Intel
[03/10/2012 - 22:47:30 | D ] C:\Lenovo
[10/10/2012 - 09:56:20 | ASH | 8550998016] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[09/10/2012 - 21:44:51 | D ] C:\Program Files
[08/10/2012 - 18:26:59 | D ] C:\Program Files (x86)
[09/10/2012 - 12:37:29 | HD ] C:\ProgramData
[03/10/2012 - 21:01:15 | SHD ] C:\Recovery
[03/10/2012 - 22:09:17 | N | 2410] C:\RHDSetup.log
[09/10/2012 - 21:45:51 | D ] C:\rsit
[08/10/2012 - 18:19:55 | SHD ] C:\System Volume Information
[03/10/2012 - 22:11:00 | D ] C:\Templenovo
[10/10/2012 - 11:34:19 | D ] C:\UsbFix
[10/10/2012 - 11:27:51 | A | 5933] C:\UsbFix.txt
[03/10/2012 - 21:02:15 | D ] C:\Users
[08/10/2012 - 23:39:46 | D ] C:\Windows
[01/11/2011 - 22:39:30 | A | 79] D:\autorun.inf
[18/01/2012 - 21:05:21 | AD ] D:\Extras
[17/12/2011 - 00:45:37 | AD ] D:\Locale
[16/12/2011 - 23:21:11 | A | 1992096] D:\WD Drive Unlock.exe
[23/08/2012 - 00:35:21 | D ] F:\!Filmy
[03/08/2012 - 19:04:30 | D ] F:\!Fotky
[03/10/2012 - 17:07:08 | D ] F:\!Hudba
[25/07/2012 - 09:22:57 | D ] F:\!Knihy
[25/07/2012 - 10:37:27 | D ] F:\!Seriály
[10/10/2012 - 11:34:19 | SHD ] F:\$RECYCLE.BIN
[14/08/2012 - 02:11:13 | D ] F:\666
[03/10/2012 - 17:28:12 | D ] F:\Dokumenty-migrace
[15/05/2012 - 05:31:22 | D ] F:\Extras
[15/05/2012 - 05:31:22 | D ] F:\Locale
[09/10/2012 - 10:15:50 | D ] F:\Lost Location
[05/10/2012 - 01:58:33 | N | 528] F:\MediaID.bin
[15/05/2012 - 05:31:22 | D ] F:\My Passport Apps for Mac
[09/10/2012 - 10:24:13 | D ] F:\Recycle Bin
[10/10/2012 - 11:34:12 | HD ] F:\RECYCLER
[09/10/2012 - 09:24:56 | D ] F:\System Volume Information
[15/05/2012 - 05:31:26 | D ] F:\User Manuals
[15/05/2012 - 05:31:29 | D ] F:\WD Apps for Windows
[12/04/2012 - 02:13:19 | N | 4207520] F:\WD Apps Setup.exe
[05/10/2012 - 02:07:34 | D ] F:\WindowsImageBackup

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
F:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)

Aaaano, USBFix provedl opravu jak mel, ale jeste musime zbavit PC haveti

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Delete
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

Tady to je.

# AdwCleaner v2.004 - Logfile created 10/10/2012 at 11:52:17
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Weruska - WERUSKA-PC
# Boot Mode : Normal
# Running from : C:\Users\Weruska\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****

Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (cs)

Profile name : default
File : C:\Users\Weruska\AppData\Roaming\Mozilla\Firefox\Profiles\uc2czary.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Weruska\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1543 octets] - [09/10/2012 22:11:43]
AdwCleaner[S1].txt - [1376 octets] - [10/10/2012 11:52:17]

########## EOF - C:\AdwCleaner[S1].txt - [1436 octets] ##########

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Logy přikládám níže, jen ComboFix jsem zapomněla spustit jako správce

Mám spustit ještě jednou?

Rkill

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/10/2012 08:37:38 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\jmesoft\Service.exe (PID: 1908) [WD-HEUR]
* C:\Windows\SysWOW64\nlssrv32.exe (PID: 1156) [WD-HEUR]
* C:\Windows\SysWOW64\UMonit.exe (PID: 3552) [WD-HEUR]
* C:\Users\Weruska\nofzuztulsup.exe (PID: 3708) [UP-HEUR]
* C:\Windows\jmesoft\hotkey.exe (PID: 3452) [WD-HEUR]
* C:\Windows\jmesoft\JME_LOAD.exe (PID: 4168) [WD-HEUR]

6 proccesses terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Weruska\Desktop\rkill\rkill-10-10-2012-08-37-47.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

67.221.174.30 tagged.com
204.9.178.11 typepad.com
74.113.152.32 istockphoto.com
208.94.0.38 yfrog.com
63.309.5.102 virustotal.com
123.125.50.22 126.com
74.208.73.101 qvc.com
174.36.28.11 SlideShare.com
213.238.60.190 xing.com
59.106.98.139 seesaa.net
184.72.253.170 hootsuite.com
211.151.146.16 soku.com
72.32.120.222 metacafe.com
9.105.6.98 bitdefender.com
204.11.109.133 tribalfusion.com
207.154.14.31tripadvisor.com
216.52.240.133 ustream.tv
174.36.244.132 linkwithin.com
121.67.203.61 scan.novirusthanks.org
209.172.34.139 imagevenue.com

20 out of 133 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 10/10/2012 08:37:53 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

ComboFix

ComboFix 12-10-10.02 - Weruska 10.10.2012 20:40:37.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8155.6355 [GMT 2:00]
Spuštěný z: c:\users\Weruska\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 256 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Weruska\AppData\Roaming\log.dat
c:\users\Weruska\nofzuztulsup.exe
c:\windows\.log
c:\windows\SysWow64\lsprst7.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-10 do 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 18:43 . 2012-10-10 18:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 09:50 . 2012-10-10 09:50 -------- d-----w- c:\program files (x86)\Auslogics
2012-10-10 08:44 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 08:44 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 08:44 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 08:44 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 08:44 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 08:44 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 08:44 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 08:44 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 08:44 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 08:44 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 19:53 . 2012-10-10 09:44 -------- d-----w- C:\UsbFix
2012-10-09 19:44 . 2012-10-09 19:45 -------- d-----w- c:\program files\trend micro
2012-10-09 19:44 . 2012-10-09 19:45 -------- d-----w- C:\rsit
2012-10-09 10:41 . 2012-10-09 10:41 -------- d-----w- c:\program files\R
2012-10-09 10:37 . 2012-10-09 10:50 -------- d-----w- c:\programdata\VirtualizedApplications
2012-10-09 08:26 . 2012-10-09 08:26 -------- d-----w- c:\program files\Microsoft Office
2012-10-09 08:26 . 2012-10-08 16:20 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-10-09 06:01 . 2012-10-09 06:01 -------- d-----w- c:\program files\Western Digital
2012-10-08 21:35 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-08 21:35 . 2012-10-09 06:03 -------- d-----w- c:\programdata\AVAST Software
2012-10-08 21:35 . 2012-10-08 21:35 -------- d-----w- c:\program files\AVAST Software
2012-10-08 21:13 . 2012-10-08 21:14 -------- d-----w- c:\programdata\MFAData
2012-10-08 21:13 . 2012-10-08 21:13 -------- d--h--w- c:\programdata\Common Files
2012-10-08 21:04 . 2012-10-08 21:04 -------- d-----w- c:\program files\Microsoft Silverlight
2012-10-08 21:04 . 2012-10-08 21:04 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-10-08 16:27 . 2012-10-08 16:27 -------- d-----w- c:\program files (x86)\Common Files\Wondershare
2012-10-08 16:26 . 2012-10-08 16:26 -------- d-----w- c:\program files (x86)\Wondershare
2012-10-07 03:15 . 2012-10-07 03:17 -------- d-----w- c:\program files (x86)\MSECache
2012-10-04 21:39 . 2012-10-04 21:40 -------- d--h--w- c:\program files (x86)\Zero G Registry
2012-10-04 21:17 . 2012-10-04 21:17 -------- d-----w- c:\programdata\SafeNet Sentinel
2012-10-04 21:17 . 2012-10-04 21:17 -------- d-----w- c:\programdata\SPSS
2012-10-04 21:16 . 2012-10-04 21:16 -------- d-----w- c:\program files\Common Files\IBM
2012-10-04 21:16 . 2012-10-04 21:16 -------- d-----w- c:\program files\IBM
2012-10-04 21:16 . 2012-10-04 21:16 1025 ----a-w- c:\windows\SysWow64\sysprs7.dll
2012-10-04 21:13 . 2012-10-04 21:13 -------- d-----w- c:\program files (x86)\MagicDisc
2012-10-04 21:13 . 2009-02-24 16:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-10-04 21:13 . 2009-02-24 16:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-10-04 21:10 . 2012-10-04 21:10 -------- d-----w- c:\users\Public\CyberLink
2012-10-04 19:54 . 2012-10-04 20:07 -------- d-----w- c:\programdata\Nik Software
2012-10-04 19:54 . 2012-10-04 20:13 -------- d-----w- c:\program files\Nik Software
2012-10-04 19:42 . 2012-10-04 19:42 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-10-04 18:51 . 2012-10-04 18:51 -------- d-----w- c:\programdata\ESTsoft
2012-10-04 18:51 . 2012-10-04 18:51 -------- d-----w- c:\program files (x86)\ESTsoft
2012-10-04 18:24 . 2012-10-04 18:24 -------- d-----w- c:\program files (x86)\PhotoScape
2012-10-04 17:47 . 2012-10-04 17:47 -------- d-----w- c:\program files\Microsoft Research
2012-10-04 07:34 . 2012-10-04 07:34 -------- d-----w- c:\windows\SysWow64\Wat
2012-10-04 07:34 . 2012-10-04 07:34 -------- d-----w- c:\windows\system32\Wat
2012-10-04 06:57 . 2012-10-04 06:57 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-10-04 06:57 . 2012-10-04 06:57 -------- d-----r- c:\program files (x86)\Skype
2012-10-04 06:57 . 2012-10-04 06:57 -------- d-----w- c:\programdata\Skype
2012-10-04 06:54 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-10-04 06:49 . 2012-10-10 10:01 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-04 06:47 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-10-04 06:47 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-10-04 06:47 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-10-04 06:47 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-10-04 06:47 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-10-04 06:25 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-10-03 21:28 . 2012-10-03 21:29 -------- d-----w- c:\program files (x86)\The KMPlayer
2012-10-03 21:11 . 2012-10-09 06:01 -------- d-----w- c:\programdata\Western Digital
2012-10-03 21:11 . 2012-10-09 06:01 -------- d-----w- c:\program files (x86)\Western Digital
2012-10-03 21:11 . 2012-10-03 21:11 -------- d-----w- c:\program files (x86)\Common Files\Western Digital
2012-10-03 21:03 . 2012-10-03 21:03 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-03 20:59 . 2012-10-03 20:59 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-10-03 20:49 . 2012-10-04 19:58 -------- d-----w- c:\program files\Common Files\Adobe
2012-10-03 20:49 . 2012-10-04 19:45 -------- d-----w- c:\program files\Adobe
2012-10-03 20:47 . 2012-10-03 20:47 -------- d-----w- C:\Lenovo
2012-10-03 20:17 . 2012-10-10 09:53 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-03 20:06 . 2012-10-03 20:11 -------- d-----w- C:\Templenovo
2012-10-03 20:02 . 2012-10-03 20:47 -------- d-----w- c:\programdata\CyberLink
2012-10-03 20:02 . 2012-10-03 20:02 -------- d-----w- c:\program files (x86)\Cyberlink
2012-10-03 19:48 . 2012-10-03 19:49 -------- d-----w- c:\program files (x86)\EIZO
2012-10-03 19:48 . 2012-10-03 19:48 -------- d-----w- c:\programdata\EIZO
2012-10-03 19:14 . 2011-05-25 12:09 49152 ----a-w- c:\windows\SysWow64\UMonit.exe
2012-10-03 19:14 . 2011-05-25 09:57 8323072 ----a-w- c:\windows\system32\GeneIcon.dll
2012-10-03 19:14 . 2009-10-26 07:52 139264 ----a-w- c:\windows\SysWow64\ustor.dll
2012-10-03 19:14 . 2011-05-18 05:50 58368 ----a-w- c:\windows\system32\drivers\GeneStor.sys
2012-10-03 19:14 . 2009-07-14 06:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-10-03 19:14 . 2008-02-04 13:43 172097 ----a-w- c:\windows\SysWow64\NoMSGuninstall.exe
2012-10-03 19:10 . 2012-10-03 19:10 -------- d-----w- c:\programdata\Lenovo
2012-10-03 19:05 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-03 19:05 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-03 19:05 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-10-03 19:05 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-10-03 19:05 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-10-03 19:05 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-10-03 19:05 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-10-03 19:05 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-03 19:05 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-10-03 19:02 . 2012-10-10 18:43 -------- d-----w- c:\users\Weruska
2012-10-03 19:01 . 2012-10-03 19:01 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-03 21:03 . 2012-06-08 21:23 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-03 19:52 . 2010-06-24 18:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-20 17:38 . 2012-10-10 08:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-07-13 02:08 . 2012-07-13 02:08 66560 ----a-w- c:\windows\SysWow64\nlssrv32.exe
2011-04-13 17:58 34049952 --sh--w- c:\windows\setupa.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Weruska\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Weruska\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Weruska\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-06-08 118784]
"jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-16 28672]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"ModeSwitch"="c:\program files\Lenovo\Power Control Switch\LitModeSwitch.exe" [2011-12-20 712192]
"LVT"="c:\program files\Lenovo\LVT\LJYZ.exe" [2011-11-24 886112]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
"SetDefaultSCR"="c:\program files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe" [2009-12-31 102400]
"ScreenManager Pro for LCD (DDCCI)"="c:\program files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe" [2011-06-15 4875632]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2011-12-06 214312]
"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2011-12-06 214312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Nástroj WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-06-13 1688008]
"Nástroj WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-06-14 5235128]
.
c:\users\Weruska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Weruska\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
EIZO ScreenSlicer.lnk - c:\windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe [2012-10-3 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-08 136176]
R2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe [2011-03-16 32768]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2012-07-13 66560]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-08 136176]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-10 115168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\drivers\rusb3hub.sys [2011-11-21 101376]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\drivers\rusb3xhc.sys [2011-11-21 217088]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-04 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 LenovoCOMSvc;LenovoCOMService;c:\program files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [2011-11-05 37888]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-25 162224]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-06-14 1151424]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-06-13 248248]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-06-14 1177536]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys [2011-05-18 58368]
S3 LitModeCtrl;LitModeCtrl;c:\program files\Lenovo\Power Control Switch\LitModeCtrl.exe [2011-11-07 101888]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-12-03 874088]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-12-16 14464]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - mfeavfk01
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-08 21:21]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-08 21:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Weruska\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Weruska\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Weruska\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Weruska\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-05 12850792]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2011-12-06 214312]
"UMonit"="c:\windows\SysWOW64\UMonit.exe" [2011-05-25 49152]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Weruska\AppData\Roaming\Mozilla\Firefox\Profiles\uc2czary.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-nofzuztulsup - c:\users\Weruska\nofzuztulsup.exe
Wow6432Node-HKLM-Run-WD Drive Unlocker - c:\program files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-10-10 20:44:42
ComboFix-quarantined-files.txt 2012-10-10 18:44
.
Před spuštěním: Volných bajtů: 557 654 769 664
Po spuštění: Volných bajtů: 557 698 199 552
.
- - End Of File - - 6322E367C7C16C65F356AA560BFB9E36

Neni treba, on si prava spravce vynutil

Poprosim o log z DDS

Stahnete DDS odsud http://download.bleepingcomputer.com/sUBs/Beta/dds.exe a ulozte na plochu
Spustte a kliknete na Start
Po chvili vyskoci log, ten rad uvidim

Tady to je

DDS (Ver_2011-09-30.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Weruska at 21:05:34 on 2012-10-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8155.6099 [GMT 2:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\EIZO\ScreenSlicer\ESCSlicer.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Lenovo\LVT\LVT.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20121004094746.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [jmekey] C:\Windows\jmesoft\hotkey.exe
mRun: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [ModeSwitch] "C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe" /AutoRun
mRun: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [SetDefaultSCR] C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe
mRun: [ScreenManager Pro for LCD (DDCCI)] C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Nástroj WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [Nástroj WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
StartupFolder: C:\Users\Weruska\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Weruska\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EIZOSC~1.LNK - C:\Windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe
uPolicies-Explorer: NoDriveAutoRun = dword:3
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:3
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{A038CE71-C27F-48C8-A608-6100D8910650} : DHCPNameServer = 213.46.172.36 213.46.172.37
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20121004094746.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
x64-Run: [UMonit] C:\Windows\SysWOW64\UMonit.exe
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Weruska\AppData\Roaming\Mozilla\Firefox\Profiles\uc2czary.default\
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 289664]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-3-13 75936]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-8 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-9 607456]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-6-8 161560]
R2 LenovoCOMSvc;LenovoCOMService;C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [2012-6-8 37888]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-6-8 199304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-6-8 210616]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-6-8 162224]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-8 363800]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-6-14 1151424]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-6-13 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-6-14 1177536]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 65264]
R3 GeneStor;Genesys Logic Storage Driver;C:\Windows\System32\drivers\GeneStor.sys [2012-10-3 58368]
R3 LitModeCtrl;LitModeCtrl;C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [2012-6-8 101888]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\System32\drivers\HECIx64.sys [2011-12-23 60184]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 487296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-6-8 188224]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-8 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-6-8 874088]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-12-16 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-8 136176]
S2 JME Keyboard;JME Keyboard Driver;C:\Windows\jmesoft\Service.exe [2012-6-8 32768]
S2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-7-13 66560]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-8 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-8 136176]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-10-3 225216]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 100912]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-3 115168]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\Windows\System32\drivers\rusb3hub.sys [2012-2-17 101376]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\System32\drivers\rusb3xhc.sys [2012-2-17 217088]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-4 1255736]
S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-10-10 18:39:34 98816 ----a-w- C:\Windows\sed.exe
2012-10-10 18:39:34 256000 ----a-w- C:\Windows\PEV.exe
2012-10-10 18:39:34 208896 ----a-w- C:\Windows\MBR.exe
2012-10-10 09:58:44 -------- d-----w- C:\Windows\pss
2012-10-10 09:50:07 -------- d-----w- C:\Program Files (x86)\Auslogics
2012-10-10 08:44:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 08:44:49 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 08:44:33 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 08:44:33 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 08:44:29 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 08:44:29 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 08:44:29 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 08:44:29 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 08:44:29 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 08:44:28 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-09 19:53:59 -------- d-----w- C:\UsbFix
2012-10-09 19:44:51 -------- d-----w- C:\Program Files\trend micro
2012-10-09 10:41:46 -------- d-----w- C:\Program Files\R
2012-10-09 10:37:29 -------- d-----w- C:\ProgramData\VirtualizedApplications
2012-10-09 08:26:58 -------- d-----w- C:\Users\Weruska\AppData\Roaming\SoftGrid Client
2012-10-09 08:26:58 -------- d-----w- C:\Users\Weruska\AppData\Local\SoftGrid Client
2012-10-09 08:26:20 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-10-09 08:26:13 -------- d-----w- C:\Users\Weruska\AppData\Roaming\TP
2012-10-09 08:16:32 -------- d-----w- C:\Users\Weruska\AppData\Local\MicrosoftStore
2012-10-09 06:01:10 -------- d-----w- C:\Program Files\Western Digital
2012-10-09 05:59:13 5163984 ----a-r- C:\Users\Weruska\AppData\Roaming\Microsoft\Installer\{094D3055-1F1D-4221-B288-4DD0BE529794}\icon.exe
2012-10-08 21:35:29 -------- d-----w- C:\ProgramData\AVAST Software
2012-10-08 21:35:29 -------- d-----w- C:\Program Files\AVAST Software
2012-10-08 21:13:59 -------- d--h--w- C:\ProgramData\Common Files
2012-10-08 21:13:59 -------- d-----w- C:\Users\Weruska\AppData\Local\MFAData
2012-10-08 21:13:59 -------- d-----w- C:\Users\Weruska\AppData\Local\Avg2013
2012-10-08 21:13:59 -------- d-----w- C:\ProgramData\MFAData
2012-10-08 16:27:08 -------- d-----w- C:\Users\Weruska\AppData\Local\Wondershare
2012-10-08 16:27:07 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2012-10-08 16:26:59 -------- d-----w- C:\Program Files (x86)\Wondershare
2012-10-07 03:15:41 -------- d-----w- C:\Program Files (x86)\MSECache
2012-10-04 21:39:59 -------- d--h--w- C:\Users\Weruska\InstallAnywhere
2012-10-04 21:39:59 -------- d--h--w- C:\Program Files (x86)\Zero G Registry
2012-10-04 21:17:20 -------- d-----w- C:\ProgramData\SafeNet Sentinel
2012-10-04 21:17:19 -------- d-----w- C:\ProgramData\SPSS
2012-10-04 21:16:49 -------- d-----w- C:\Program Files\Common Files\IBM
2012-10-04 21:16:26 -------- d-----w- C:\Program Files\IBM
2012-10-04 21:16:23 1025 ----a-w- C:\Windows\SysWow64\sysprs7.dll
2012-10-04 21:13:15 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2012-10-04 21:13:15 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2012-10-04 21:13:15 -------- d-----w- C:\Program Files (x86)\MagicDisc
2012-10-04 20:13:45 -------- d-----w- C:\Users\Weruska\AppData\Roaming\NVIDIA
2012-10-04 19:54:59 -------- d-----w- C:\Users\Weruska\AppData\Local\Nik Software
2012-10-04 19:54:55 -------- d-----w- C:\ProgramData\Nik Software
2012-10-04 19:54:53 -------- d-----w- C:\Program Files\Nik Software
2012-10-04 19:42:25 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-10-04 18:51:50 -------- d-----w- C:\Users\Weruska\AppData\Local\ECRSC
2012-10-04 18:51:48 -------- d-----w- C:\ProgramData\ESTsoft
2012-10-04 18:51:46 -------- d-----w- C:\Users\Weruska\AppData\Roaming\ESTsoft
2012-10-04 18:51:46 -------- d-----w- C:\Program Files (x86)\ESTsoft
2012-10-04 18:24:55 -------- d-----w- C:\Users\Weruska\AppData\Roaming\PhotoScape
2012-10-04 18:24:40 -------- d-----w- C:\Program Files (x86)\PhotoScape
2012-10-04 17:47:26 -------- d-----w- C:\Program Files\Microsoft Research
2012-10-04 07:34:44 -------- d-----w- C:\Windows\SysWow64\Wat
2012-10-04 07:34:44 -------- d-----w- C:\Windows\System32\Wat
2012-10-04 06:57:54 -------- d-----r- C:\Program Files (x86)\Skype
2012-10-04 06:54:28 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-10-04 06:47:02 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-10-04 06:47:02 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-10-04 06:47:02 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-10-04 06:47:02 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-10-04 06:47:02 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-10-04 06:25:47 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-10-03 21:28:40 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2012-10-03 21:15:32 -------- d-----r- C:\Users\Weruska\Fotky
2012-10-03 21:11:51 -------- d-----w- C:\Users\Weruska\AppData\Local\Western_Digital
2012-10-03 21:11:32 -------- d-----w- C:\ProgramData\Western Digital
2012-10-03 21:11:22 -------- d-----w- C:\Program Files (x86)\Western Digital
2012-10-03 21:11:22 -------- d-----w- C:\Program Files (x86)\Common Files\Western Digital
2012-10-03 21:11:01 -------- d-----w- C:\Users\Weruska\AppData\Local\Western Digital
2012-10-03 21:03:14 -------- d-----w- C:\Users\Weruska\AppData\Local\Macromedia
2012-10-03 21:03:01 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-03 21:00:14 -------- d-----w- C:\Users\Weruska\AppData\Local\Adobe
2012-10-03 20:47:30 -------- d-----w- C:\Lenovo
2012-10-03 20:20:51 -------- d-----r- C:\Users\Weruska\Dropbox
2012-10-03 20:19:40 -------- d-----w- C:\Users\Weruska\AppData\Roaming\Dropbox
2012-10-03 20:17:22 -------- d-----w- C:\Users\Weruska\AppData\Local\Mozilla
2012-10-03 20:17:16 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-03 20:16:03 -------- d-----w- C:\Users\Weruska\AppData\Local\Diagnostics
2012-10-03 20:06:44 -------- d-----w- C:\Templenovo
2012-10-03 19:58:00 -------- dc----w- C:\Users\Weruska\AppData\Local\MigWiz
2012-10-03 19:49:21 -------- d-----w- C:\Users\Weruska\AppData\Roaming\EIZO
2012-10-03 19:49:02 -------- d-----w- C:\Users\Weruska\AppData\Local\Downloaded Installations
2012-10-03 19:48:37 -------- d-----w- C:\ProgramData\EIZO
2012-10-03 19:48:37 -------- d-----w- C:\Program Files (x86)\EIZO
2012-10-03 19:14:23 8323072 ----a-w- C:\Windows\System32\GeneIcon.dll
2012-10-03 19:14:23 49152 ----a-w- C:\Windows\SysWow64\UMonit.exe
2012-10-03 19:14:23 139264 ----a-w- C:\Windows\SysWow64\ustor.dll
2012-10-03 19:14:19 58368 ----a-w- C:\Windows\System32\drivers\GeneStor.sys
2012-10-03 19:14:19 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-10-03 19:14:19 172097 ----a-w- C:\Windows\SysWow64\NoMSGuninstall.exe
2012-10-03 19:10:45 -------- d-----w- C:\ProgramData\Lenovo
2012-10-03 19:07:02 -------- d-----w- C:\Users\Weruska\AppData\Local\Lenovo
2012-10-03 19:04:55 -------- d-----w- C:\Users\Weruska\AppData\Local\VirtualStore
2012-10-03 19:01:15 -------- d-----w- C:\Recovery
.
==================== Find3M ====================
.
2012-10-03 21:03:01 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-15 16:52:50 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-13 02:08:56 66560 ----a-w- C:\Windows\SysWow64\nlssrv32.exe
2011-04-13 17:58:08 34049952 --sh--w- C:\Windows\setupa.exe
.
============= FINISH: 21:05:59,54 ===============

Fajn, dejte mi prosim par chvil nez napisu skript kterym nakrmime ComboFix a zadame mu dalsi ukoly

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

DDS::
mRun: [UpdatePRCShortCut]
mRun: [UpdateP2GoShortCut]
mRun: [Adobe ARM]
x64-Run: [UpdatePRCShortCut]

Folder::
C:\ProgramData\AVAST Software
C:\Program Files\AVAST Software

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Omlouvám se za delší odezvu, kontrolovala jsem předtím ještě některé zálohy.

Ano, bylo třeba restartovat počítač.

Tady je log:

ComboFix 12-10-10.02 - Weruska 10.10.2012 22:23:57.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8155.6546 [GMT 2:00]
Spuštěný z: c:\users\Weruska\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Weruska\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-10 do 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 20:26 . 2012-10-10 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 09:50 . 2012-10-10 09:50 -------- d-----w- c:\program files (x86)\Auslogics
2012-10-10 08:44 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 08:44 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 08:44 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 08:44 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 08:44 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 08:44 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 08:44 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 08:44 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 08:44 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 08:44 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 19:53 . 2012-10-10 09:44 -------- d-----w- C:\UsbFix
2012-10-09 19:44 . 2012-10-09 19:45 -------- d-----w- c:\program files\trend micro
2012-10-09 19:44 . 2012-10-09 19:45 -------- d-----w- C:\rsit
2012-10-09 10:41 . 2012-10-09 10:41 -------- d-----w- c:\program files\R
2012-10-09 10:37 . 2012-10-09 10:50 -------- d-----w- c:\programdata\VirtualizedApplications
2012-10-09 08:26 . 2012-10-09 08:26 -------- d-----w- c:\program files\Microsoft Office
2012-10-09 08:26 . 2012-10-08 16:20 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-10-09 06:01 . 2012-10-09 06:01 -------- d-----w- c:\program files\Western Digital
2012-10-08 21:35 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-08 21:13 . 2012-10-08 21:14 -------- d-----w- c:\programdata\MFAData
2012-10-08 21:13 . 2012-10-08 21:13 -------- d--h--w- c:\programdata\Common Files
2012-10-08 21:04 . 2012-10-08 21:04 -------- d-----w- c:\program files\Microsoft Silverlight
2012-10-08 21:04 . 2012-10-08 21:04 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-10-08 16:27 . 2012-10-08 16:27 -------- d-----w- c:\program files (x86)\Common Files\Wondershare
2012-10-08 16:26 . 2012-10-08 16:26 -------- d-----w- c:\program files (x86)\Wondershare
2012-10-07 03:15 . 2012-10-07 03:17 -------- d-----w- c:\program files (x86)\MSECache
2012-10-04 21:39 . 2012-10-04 21:40 -------- d--h--w- c:\program files (x86)\Zero G Registry
2012-10-04 21:17 . 2012-10-04 21:17 -------- d-----w- c:\programdata\SafeNet Sentinel
2012-10-04 21:17 . 2012-10-04 21:17 -------- d-----w- c:\programdata\SPSS
2012-10-04 21:16 . 2012-10-04 21:16 -------- d-----w- c:\program files\Common Files\IBM
2012-10-04 21:16 . 2012-10-04 21:16 -------- d-----w- c:\program files\IBM
2012-10-04 21:16 . 2012-10-04 21:16 1025 ----a-w- c:\windows\SysWow64\sysprs7.dll
2012-10-04 21:13 . 2012-10-04 21:13 -------- d-----w- c:\program files (x86)\MagicDisc
2012-10-04 21:13 . 2009-02-24 16:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-10-04 21:13 . 2009-02-24 16:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-10-04 21:10 . 2012-10-04 21:10 -------- d-----w- c:\users\Public\CyberLink
2012-10-04 19:54 . 2012-10-04 20:07 -------- d-----w- c:\programdata\Nik Software
2012-10-04 19:54 . 2012-10-04 20:13 -------- d-----w- c:\program files\Nik Software
2012-10-04 19:42 . 2012-10-04 19:42 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-10-04 18:51 . 2012-10-04 18:51 -------- d-----w- c:\programdata\ESTsoft
2012-10-04 18:51 . 2012-10-04 18:51 -------- d-----w- c:\program files (x86)\ESTsoft
2012-10-04 18:24 . 2012-10-04 18:24 -------- d-----w- c:\program files (x86)\PhotoScape
2012-10-04 17:47 . 2012-10-04 17:47 -------- d-----w- c:\program files\Microsoft Research
2012-10-04 07:34 . 2012-10-04 07:34 -------- d-----w- c:\windows\SysWow64\Wat
2012-10-04 07:34 . 2012-10-04 07:34 -------- d-----w- c:\windows\system32\Wat
2012-10-04 06:57 . 2012-10-04 06:57 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-10-04 06:57 . 2012-10-04 06:57 -------- d-----r- c:\program files (x86)\Skype
2012-10-04 06:57 . 2012-10-04 06:57 -------- d-----w- c:\programdata\Skype
2012-10-04 06:54 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-10-04 06:49 . 2012-10-10 10:01 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-04 06:47 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-10-04 06:47 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-10-04 06:47 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-10-04 06:47 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-10-04 06:47 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-10-04 06:25 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-10-03 21:28 . 2012-10-03 21:29 -------- d-----w- c:\program files (x86)\The KMPlayer
2012-10-03 21:11 . 2012-10-09 06:01 -------- d-----w- c:\programdata\Western Digital
2012-10-03 21:11 . 2012-10-09 06:01 -------- d-----w- c:\program files (x86)\Western Digital
2012-10-03 21:11 . 2012-10-03 21:11 -------- d-----w- c:\program files (x86)\Common Files\Western Digital
2012-10-03 21:03 . 2012-10-03 21:03 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-03 20:59 . 2012-10-03 20:59 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-10-03 20:49 . 2012-10-04 19:58 -------- d-----w- c:\program files\Common Files\Adobe
2012-10-03 20:49 . 2012-10-04 19:45 -------- d-----w- c:\program files\Adobe
2012-10-03 20:47 . 2012-10-03 20:47 -------- d-----w- C:\Lenovo
2012-10-03 20:17 . 2012-10-10 09:53 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-03 20:06 . 2012-10-03 20:11 -------- d-----w- C:\Templenovo
2012-10-03 20:02 . 2012-10-03 20:47 -------- d-----w- c:\programdata\CyberLink
2012-10-03 20:02 . 2012-10-03 20:02 -------- d-----w- c:\program files (x86)\Cyberlink
2012-10-03 19:48 . 2012-10-03 19:49 -------- d-----w- c:\program files (x86)\EIZO
2012-10-03 19:48 . 2012-10-03 19:48 -------- d-----w- c:\programdata\EIZO
2012-10-03 19:14 . 2011-05-25 12:09 49152 ----a-w- c:\windows\SysWow64\UMonit.exe
2012-10-03 19:14 . 2011-05-25 09:57 8323072 ----a-w- c:\windows\system32\GeneIcon.dll
2012-10-03 19:14 . 2009-10-26 07:52 139264 ----a-w- c:\windows\SysWow64\ustor.dll
2012-10-03 19:14 . 2011-05-18 05:50 58368 ----a-w- c:\windows\system32\drivers\GeneStor.sys
2012-10-03 19:14 . 2009-07-14 06:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-10-03 19:14 . 2008-02-04 13:43 172097 ----a-w- c:\windows\SysWow64\NoMSGuninstall.exe
2012-10-03 19:10 . 2012-10-03 19:10 -------- d-----w- c:\programdata\Lenovo
2012-10-03 19:05 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-03 19:05 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-03 19:05 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-10-03 19:05 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-10-03 19:05 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-10-03 19:05 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-10-03 19:05 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-10-03 19:05 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-03 19:05 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-10-03 19:02 . 2012-10-10 18:43 -------- d-----w- c:\users\Weruska
2012-10-03 19:01 . 2012-10-03 19:01 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-03 21:03 . 2012-06-08 21:23 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-03 19:52 . 2010-06-24 18:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-20 17:38 . 2012-10-10 08:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-07-13 02:08 . 2012-07-13 02:08 66560 ----a-w- c:\windows\SysWow64\nlssrv32.exe
2011-04-13 17:58 34049952 --sh--w- c:\windows\setupa.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Weruska\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Weruska\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Weruska\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-06-08 118784]
"jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-16 28672]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"ModeSwitch"="c:\program files\Lenovo\Power Control Switch\LitModeSwitch.exe" [2011-12-20 712192]
"LVT"="c:\program files\Lenovo\LVT\LJYZ.exe" [2011-11-24 886112]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
"SetDefaultSCR"="c:\program files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe" [2009-12-31 102400]
"ScreenManager Pro for LCD (DDCCI)"="c:\program files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe" [2011-06-15 4875632]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2011-12-06 214312]
"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2011-12-06 214312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Nástroj WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-06-13 1688008]
"Nástroj WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-06-14 5235128]
.
c:\users\Weruska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Weruska\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
EIZO ScreenSlicer.lnk - c:\windows\Installer\{292A177D-723F-4537-9985-BC8BFCD8B63D}\NewShortcut1_ECE901F38F8D425291BF1815F96683B4.exe [2012-10-3 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-08 136176]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-08 136176]
R3 LitModeCtrl;LitModeCtrl;c:\program files\Lenovo\Power Control Switch\LitModeCtrl.exe [2011-11-07 101888]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-10 115168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\drivers\rusb3hub.sys [2011-11-21 101376]
R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\drivers\rusb3xhc.sys [2011-11-21 217088]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-04 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe [2011-03-16 32768]
S2 LenovoCOMSvc;LenovoCOMService;c:\program files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [2011-11-05 37888]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-25 162224]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2012-07-13 66560]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-06-14 1151424]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-06-13 248248]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-06-14 1177536]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys [2011-05-18 58368]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-12-03 874088]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-12-16 14464]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - mfeavfk01
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Weruska\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Weruska\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Weruska\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Weruska\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-09-05 12850792]
"UMonit"="c:\windows\SysWOW64\UMonit.exe" [2011-05-25 49152]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Weruska\AppData\Roaming\Mozilla\Firefox\Profiles\uc2czary.default\
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2012-10-10 22:29:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-10 20:29
ComboFix2.txt 2012-10-10 20:08
ComboFix3.txt 2012-10-10 18:44
.
Před spuštěním: Volných bajtů: 557 772 492 800
Po spuštění: Volných bajtů: 557 658 701 824
.
- - End Of File - - CC9BF214163147BD81F815769F67055A

Nic se nedeje, jak se chova nas pacient? Stale si sam povida pres skype?

VIRY.CZ

Skype virus (opět)

Skype virus (opět)

Re: Skype virus (opět)

Re: Skype virus (opět)

Re: Skype virus (opět)

Re: Skype virus (opět)

Re: Skype virus (opět)

Re: Skype virus (opět)

Re: Skype virus (opět)

Re: Skype virus (opět)

Re: Skype virus (opět)

Re: Skype virus (opět)

Re: Skype virus (opět)

Re: Skype virus (opět)

Re: Skype virus (opět)

Re: Skype virus (opět)