PC virus removal, computer speed-up, and remote help through the neslape.cz service

Preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

eMeL
Visitor
Posts: 21
Registered: 27 Jan 2009 14:16

Preventive check

#1 Post by eMeL »

Hello, I would like to ask for a preventive check of my RSIT log. Thank you.

Logfile of random's system information tool 1.06 (written by random/random)
Run by NTB at 2009-06-07 10:24:29
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 11 GB (8%) free of 141 GB
Total RAM: 2025 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:32, on 7. 6. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Program Files\GRETECH\GomPlayer\GOM.exe
C:\Users\NTB\Desktop\RSIT.exe
C:\Program Files\HijackThis\NTB.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet\ComDlls\bhoCATCH.dll
O2 - BHO: IePasswordManagerHelper Class - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=061609 serial=DR12WRD-9908499-GKF lang=CZ
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet\ComDlls\Bholink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe
O23 - Service: Alps Application Launcher Service (ApRunSvc) - Unknown owner - C:\Program Files\Apoint2K\ApRunSvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Windows\system32\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10969 bytes

======Scheduled tasks folder======

C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\User_Feed_Synchronization-{1EDDAC56-3FA6-48AD-8608-69A501972711}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - C:\Program Files\FlashGet\ComDlls\bhoCATCH.dll [2008-08-19 104016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2008-06-14 808248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"=C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe [2009-01-07 60704]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2008-06-07 181536]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-09-30 68976]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-06-04 242976]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog []
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2008-10-27 431392]
"ACWlIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe [2008-10-27 148768]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2008-06-25 3077432]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2008-09-01 165208]
"LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2008-09-01 124248]
"FingerPrintSoftware"=C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [2008-10-26 1527808]
"OODefragTray"=C:\Windows\system32\oodtray.exe [2008-11-03 2540800]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-02-26 992816]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-10-24 1451264]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-05-25 487424]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe [2004-06-23 729088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioCentre]
C:\Genius\ioCentre\gTaskBar.exe [2007-12-17 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LenovoWelcomeRegistration]
C:\Program Files\Lenovo\Lenovo Welcome\ContentProviders\RegistrationContentProvider\RegistrationEngine\RegistrationEngine.exe [2008-07-16 47416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-02 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe [2008-03-17 752168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet\FlashGet.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet\LiveUpdate.exe"="C:\Program Files\FlashGet\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet\LiveUpdateEx.exe"="C:\Program Files\FlashGet\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-06-07 10:24:29 ----D---- C:\rsit
2009-06-01 07:59:01 ----D---- C:\Users\NTB\AppData\Roaming\Corel
2009-06-01 07:58:11 ----D---- C:\ProgramData\InstallShield
2009-06-01 07:57:10 ----D---- C:\Program Files\Common Files\Corel
2009-06-01 07:56:32 ----D---- C:\Program Files\Corel
2009-05-22 15:31:25 ----A---- C:\Windows\system32\msls31.dll
2009-05-22 15:31:25 ----A---- C:\Windows\system32\mshtmler.dll
2009-05-22 15:31:25 ----A---- C:\Windows\system32\mshtmled.dll
2009-05-22 15:31:25 ----A---- C:\Windows\system32\jsproxy.dll
2009-05-22 15:31:25 ----A---- C:\Windows\system32\ieui.dll
2009-05-22 15:31:25 ----A---- C:\Windows\system32\icardie.dll
2009-05-22 15:31:25 ----A---- C:\Windows\system32\admparse.dll
2009-05-22 15:31:24 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-05-22 15:31:24 ----A---- C:\Windows\system32\licmgr10.dll
2009-05-22 15:31:24 ----A---- C:\Windows\system32\imgutil.dll
2009-05-22 15:31:24 ----A---- C:\Windows\system32\iernonce.dll
2009-05-22 15:31:24 ----A---- C:\Windows\system32\iepeers.dll
2009-05-22 15:31:24 ----A---- C:\Windows\system32\ieakeng.dll
2009-05-22 15:31:24 ----A---- C:\Windows\system32\dxtrans.dll
2009-05-22 15:31:24 ----A---- C:\Windows\system32\dxtmsft.dll
2009-05-22 15:31:24 ----A---- C:\Windows\system32\corpol.dll
2009-05-22 15:31:23 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-05-22 15:31:23 ----A---- C:\Windows\system32\wextract.exe
2009-05-22 15:31:23 ----A---- C:\Windows\system32\webcheck.dll
2009-05-22 15:31:23 ----A---- C:\Windows\system32\occache.dll
2009-05-22 15:31:23 ----A---- C:\Windows\system32\mstime.dll
2009-05-22 15:31:23 ----A---- C:\Windows\system32\msrating.dll
2009-05-22 15:31:23 ----A---- C:\Windows\system32\msfeedssync.exe
2009-05-22 15:31:23 ----A---- C:\Windows\system32\inseng.dll
2009-05-22 15:31:23 ----A---- C:\Windows\system32\iesetup.dll
2009-05-22 15:31:23 ----A---- C:\Windows\system32\ieakui.dll
2009-05-22 15:31:23 ----A---- C:\Windows\system32\ieaksie.dll
2009-05-22 15:31:22 ----A---- C:\Windows\system32\vbscript.dll
2009-05-22 15:31:22 ----A---- C:\Windows\system32\url.dll
2009-05-22 15:31:22 ----A---- C:\Windows\system32\pngfilt.dll
2009-05-22 15:31:22 ----A---- C:\Windows\system32\msfeeds.dll
2009-05-22 15:31:22 ----A---- C:\Windows\system32\jscript.dll
2009-05-22 15:31:22 ----A---- C:\Windows\system32\iedkcs32.dll
2009-05-22 15:31:22 ----A---- C:\Windows\system32\ieapfltr.dll
2009-05-22 15:31:22 ----A---- C:\Windows\system32\advpack.dll
2009-05-22 15:31:21 ----A---- C:\Windows\system32\mshta.exe
2009-05-22 15:31:20 ----A---- C:\Windows\system32\wininet.dll
2009-05-22 15:31:20 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-05-22 15:31:20 ----A---- C:\Windows\system32\SetDepNx.exe
2009-05-22 15:31:20 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-05-22 15:31:20 ----A---- C:\Windows\system32\PDMSetup.exe
2009-05-22 15:31:20 ----A---- C:\Windows\system32\iexpress.exe
2009-05-22 15:31:20 ----A---- C:\Windows\system32\ieUnatt.exe
2009-05-22 15:31:20 ----A---- C:\Windows\system32\iesysprep.dll
2009-05-22 15:31:20 ----A---- C:\Windows\system32\iertutil.dll
2009-05-22 15:31:20 ----A---- C:\Windows\system32\ie4uinit.exe
2009-05-22 15:31:19 ----A---- C:\Windows\system32\urlmon.dll
2009-05-22 15:31:19 ----A---- C:\Windows\system32\ieframe.dll
2009-05-22 15:31:18 ----A---- C:\Windows\system32\mshtml.dll
2009-05-12 14:16:04 ----HD---- C:\Windows\msdownld.tmp
2009-05-12 14:16:03 ----D---- C:\Windows\system32\directx
2009-05-12 13:45:04 ----A---- C:\Windows\system32\rmoc3260.dll
2009-05-12 13:45:04 ----A---- C:\Windows\system32\pndx5032.dll
2009-05-12 13:45:04 ----A---- C:\Windows\system32\pndx5016.dll
2009-05-12 13:45:03 ----A---- C:\Windows\system32\pncrt.dll
2009-05-12 13:45:02 ----A---- C:\Windows\system32\unrar.dll
2009-05-12 13:44:55 ----A---- C:\Windows\system32\yv12vfw.dll
2009-05-12 13:44:55 ----A---- C:\Windows\system32\xvidvfw.dll
2009-05-12 13:44:55 ----A---- C:\Windows\system32\xvidcore.dll
2009-05-12 13:44:54 ----A---- C:\Windows\system32\qt-dx331.dll
2009-05-12 13:44:54 ----A---- C:\Windows\system32\dpl100.dll
2009-05-12 13:44:47 ----A---- C:\Windows\system32\divx.dll
2009-05-12 13:44:42 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2009-05-12 13:44:41 ----A---- C:\Windows\system32\pthreadGC2.dll
2009-05-12 13:44:41 ----A---- C:\Windows\system32\ff_vfw.dll
2009-05-12 13:44:39 ----D---- C:\Users\NTB\AppData\Roaming\Real
2009-05-12 13:44:39 ----D---- C:\ProgramData\Real

======List of files/folders modified in the last 1 months======

2009-06-07 10:24:33 ----D---- C:\Windows\temp
2009-06-07 10:24:32 ----D---- C:\Windows\Prefetch
2009-06-07 10:24:30 ----D---- C:\Program Files\HijackThis
2009-06-07 10:17:33 ----SHD---- C:\System Volume Information
2009-06-07 10:16:18 ----A---- C:\sysiclog.txt
2009-06-06 15:27:56 ----D---- C:\Users\NTB\AppData\Roaming\Skype
2009-06-06 14:47:48 ----D---- C:\Users\NTB\AppData\Roaming\skypePM
2009-06-06 14:45:38 ----AD---- C:\Windows
2009-06-06 11:28:03 ----D---- C:\Windows\tracing
2009-06-04 09:01:22 ----D---- C:\Windows\System32
2009-06-04 09:01:22 ----D---- C:\Windows\inf
2009-06-04 09:01:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-03 18:57:54 ----D---- C:\Windows\system32\FxsTmp
2009-06-01 10:10:06 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-06-01 07:58:29 ----SHD---- C:\Windows\Installer
2009-06-01 07:58:11 ----HD---- C:\ProgramData
2009-06-01 07:58:10 ----D---- C:\Windows\winsxs
2009-06-01 07:57:22 ----RSD---- C:\Windows\Fonts
2009-06-01 07:57:10 ----D---- C:\Program Files\Common Files
2009-06-01 07:57:07 ----D---- C:\Program Files\Common Files\microsoft shared
2009-06-01 07:57:07 ----D---- C:\Program Files\Common Files\DESIGNER
2009-06-01 07:57:03 ----SD---- C:\Windows\Downloaded Program Files
2009-06-01 07:56:32 ----RD---- C:\Program Files
2009-06-01 07:56:32 ----D---- C:\Program Files\Common Files\InstallShield
2009-05-29 09:25:15 ----SD---- C:\Users\NTB\AppData\Roaming\Microsoft
2009-05-28 07:57:11 ----D---- C:\Program Files\Internet Explorer
2009-05-27 12:29:02 ----D---- C:\Windows\system32\catroot
2009-05-24 12:48:23 ----D---- C:\Windows\rescache
2009-05-22 16:07:00 ----D---- C:\Windows\system32\cs-CZ
2009-05-22 16:06:57 ----D---- C:\Windows\PolicyDefinitions
2009-05-22 16:06:56 ----D---- C:\Windows\system32\migration
2009-05-22 16:06:56 ----D---- C:\Windows\system32\en-US
2009-05-22 15:38:07 ----D---- C:\ProgramData\Microsoft Help
2009-05-22 15:37:49 ----RSD---- C:\Windows\assembly
2009-05-22 15:36:06 ----D---- C:\Program Files\Microsoft Works
2009-05-22 15:34:44 ----A---- C:\Windows\win.ini
2009-05-22 15:33:08 ----D---- C:\Windows\system32\catroot2
2009-05-19 18:53:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-19 18:49:54 ----D---- C:\Windows\Debug
2009-05-14 10:21:26 ----D---- C:\Program Files\Windows Mail
2009-05-12 14:16:06 ----D---- C:\Windows\Logs
2009-05-12 13:45:35 ----D---- C:\Program Files\K-Lite Codec Pack
2009-05-11 23:43:51 ----D---- C:\Users\NTB\AppData\Roaming\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-21 350720]
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2008-10-24 54280]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2008-05-24 73728]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-02 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [2009-01-15 11552]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2008-10-24 73224]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-04-09 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2009-01-07 33536]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-03-07 154672]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-23 3698688]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2008-10-26 482176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-11-29 181760]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-11-26 256512]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\Windows\System32\Drivers\gHidPnp.Sys [2008-11-12 17408]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2008-03-26 40832]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-03-25 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-03-25 207872]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2008-09-29 23848]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2008-09-25 31680]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-07-17 89088]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-21 45624]
R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2008-02-23 37312]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-03-25 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S1 tvtumon;tvtumon; C:\Windows\system32\DRIVERS\tvtumon.sys [2008-05-25 48192]
S3 au59u3pl;au59u3pl; C:\Windows\system32\drivers\au59u3pl.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-17 23040]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-17 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-17 30208]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-03-17 81960]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2008-03-17 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-03-17 17320]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]
S3 gMouUsb;USB Mouse Device Drv; C:\Windows\system32\DRIVERS\gMouUsb.sys [2007-07-20 9856]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 IKFileSec;File Security Driver; C:\Windows\system32\drivers\ikfilesec.sys [2009-02-05 40840]
S3 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2009-02-05 66952]
S3 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2009-02-05 81288]
S3 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-04-17 149504]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2008-01-21 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-04-19 128104]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-10-27 116000]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2008-10-27 238880]
R2 ApRunSvc;Alps Application Launcher Service; C:\Program Files\Apoint2K\ApRunSvc.exe [2007-07-23 36864]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-06-23 692224]
R2 ATService;AuthenTec Fingerprint Service; C:\Windows\system32\AtService.exe [2008-10-26 1676536]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2008-03-17 518696]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 dtsvc;Data Transfer Service; C:\Windows\system32\DTS.exe [2008-10-26 98304]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-02-27 870672]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2008-09-29 38176]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2008-11-03 1332480]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-01-15 66848]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-02-27 473360]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2008-10-20 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2008-06-14 746808]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG.exe [2008-05-15 37416]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2008-10-24 58736]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2008-06-14 779576]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-01-06 603904]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-06-06 520192]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2008-06-06 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-05-25 1155072]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
S3 ADMonitor;AD Monitor; C:\Windows\system32\ADMonitor.exe [2008-10-26 106496]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 19200]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-02-05 1079176]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-01-06 360192]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-21 917504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------

Tom8sh16
Visitor
Posts: 260
Registered: 12 Apr 2009 09:43

Re: Preventive check

#2 Post by Tom8sh16 »

Hello, please post a ComboFix log; see my signature.

- Download it to your desktop. Important: close all active windows and run ComboFix.
- After launching it, confirm the terms of use.
- Then follow the instructions; while ComboFix is running, do not click in the windows that appear.
- After the scan finishes, which takes at most 10 minutes, the program should create a log: C:\ComboFix.txt
- ComboFix must be run under an account with administrator rights.
RSIT | OTMoveIt3 | Avenger | RootRepeal | GMER | AVPTool | CCleaner | T-Cleaner | ATF Cleaner | Win XP Manager | SVI
-------------------------------------------------------------------------------------------
Do not experiment; if you are not sure about something, ask!
If you want help with your PC, do only what I write and do not do anything ahead of time!
Back up your important data before disinfecting the computer!
| >>Support viry.cz<<
Do not use ComboFix unless asked to; improper handling can damage or destroy the system.

eMeL
Visitor
Posts: 21
Registered: 27 Jan 2009 14:16

Re: Preventive check

#3 Post by eMeL »

Here you go, the ComboFix log.

ComboFix 09-06-07.07 - NTB . 06. 2009 22:06.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.421.1029.18.2025.1217 [GMT 2:00]
Running from: c:\users\NTB\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\NTB\AppData\Roaming\BITS
c:\users\NTB\AppData\Roaming\BITS\BITS.ini
c:\users\NTB\AppData\Roaming\BITS\DHTTable.dat
c:\users\NTB\AppData\Roaming\BITS\ProxyList.ini
c:\users\NTB\AppData\Roaming\BITS\Torrent\20090425125625.torrent
c:\users\NTB\AppData\Roaming\BITS\Torrent\20090425125625.torrent.~tmp
c:\users\NTB\AppData\Roaming\BITS\Torrent\20090425125625.torrent.bits
c:\users\NTB\AppData\Roaming\BITS\Torrent\20090425125625.torrent.filelist
c:\users\NTB\AppData\Roaming\BITS\Torrent\20090425125625.torrent.hybridlist
c:\users\NTB\AppData\Roaming\BITS\Torrent\20090425125625.torrent.seeds

.
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-08 20:13 . 2009-06-08 20:13 -------- d-sh--w- \$RECYCLE.BIN
2009-06-08 20:10 . 2009-06-08 20:14 -------- d-----w- c:\users\NTB\AppData\Local\temp
2009-06-08 20:10 . 2009-06-08 20:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-06-08 20:04 . 2009-06-08 20:14 -------- d-s---w- \ComboFix
2009-06-07 08:24 . 2009-06-07 08:24 -------- d-----w- C:\rsit
2009-06-07 08:24 . 2009-06-07 08:24 -------- d-----w- \rsit
2009-06-01 05:59 . 2009-06-01 05:59 -------- d-----w- c:\users\NTB\AppData\Roaming\Corel
2009-06-01 05:58 . 2009-06-01 05:58 -------- d-----w- c:\programdata\InstallShield
2009-06-01 05:57 . 2009-06-01 05:57 -------- d-----w- c:\program files\Common Files\Corel
2009-06-01 05:56 . 2009-06-01 05:56 -------- d-----w- c:\program files\Corel
2009-05-12 12:16 . 2009-05-12 12:18 -------- d--h--w- c:\windows\msdownld.tmp
2009-05-12 11:45 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-05-12 11:44 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-12 11:44 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-12 11:44 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-05-12 11:44 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-05-12 11:44 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-05-12 11:44 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll
2009-05-12 11:44 . 2009-04-02 13:21 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-12 11:44 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-05-12 11:44 . 2009-05-12 11:44 -------- d-----w- c:\users\NTB\AppData\Local\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 20:13 . 2008-09-06 03:50 2122391552 --sha-w- \hiberfil.sys
2009-06-08 20:13 . 2008-09-06 03:42 2438217728 --sha-w- \pagefile.sys
2009-06-08 20:11 . 2008-09-06 03:48 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-08 11:10 . 2008-09-06 03:31 639960 ----a-w- c:\windows\system32\perfh005.dat
2009-06-08 11:10 . 2008-09-06 03:31 133266 ----a-w- c:\windows\system32\perfc005.dat
2009-06-06 13:27 . 2008-12-22 23:16 -------- d-----w- c:\users\NTB\AppData\Roaming\Skype
2009-06-06 12:47 . 2008-12-22 23:18 -------- d-----w- c:\users\NTB\AppData\Roaming\skypePM
2009-06-01 08:10 . 2008-12-22 22:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-01 05:59 . 2008-12-22 20:02 101432 ----a-w- c:\users\NTB\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 05:56 . 2008-09-06 03:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-24 11:13 . 2009-03-12 18:59 117760 ----a-w- c:\users\NTB\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-22 13:38 . 2008-09-06 04:24 -------- d-----w- c:\programdata\Microsoft Help
2009-05-22 13:36 . 2008-12-23 23:18 -------- d-----w- c:\program files\Microsoft Works
2009-05-19 16:53 . 2008-12-22 22:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-14 08:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-12 11:45 . 2008-12-22 22:43 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-11 21:43 . 2009-01-09 22:48 -------- d-----w- c:\users\NTB\AppData\Roaming\dvdcss
2009-05-02 10:05 . 2008-12-24 11:54 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 2
2009-04-25 10:56 . 2009-01-10 19:15 -------- d-----w- c:\program files\FlashGet
2009-04-25 10:24 . 2009-04-25 10:24 -------- d-----w- c:\program files\Cisco
2009-04-25 10:24 . 2009-04-25 10:24 -------- d-----w- c:\program files\Common Files\Intel
2009-04-25 10:24 . 2009-04-25 10:24 -------- d-----w- c:\programdata\Intel
2009-04-13 09:41 . 2009-04-13 09:37 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-04-13 09:39 . 2009-04-13 09:39 -------- d-----w- c:\users\NTB\AppData\Roaming\ACD Systems
2009-04-13 09:37 . 2009-04-13 09:37 -------- d-----w- c:\programdata\ACD Systems
2009-04-13 09:37 . 2009-04-13 09:37 -------- d-----w- c:\program files\ACD Systems
2009-03-17 03:38 . 2009-04-15 12:50 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 12:50 24064 ----a-w- c:\windows\system32\amxread.dll
2008-09-06 03:33 . 2008-09-06 03:31 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-01-07 60704]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-01-15 644384]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-01-15 214576]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 431392]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-10-27 148768]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-09-01 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-09-01 124248]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe" [2008-10-26 1527808]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [2004-06-22 729088]
"TpShocks"="TpShocks.exe" - c:\windows\System32\TpShocks.exe [2008-06-07 181536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TVT Scheduler Proxy"=c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1094253716-645892524-681535231-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{70B06AAD-E6CE-4E1C-9AA3-C476B34138C1}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{69E7105F-E399-4540-A106-68243326302F}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"{848D951E-EBFC-4688-B0EE-EE8287B9E8B9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{53FA28B4-C0A5-457E-B48A-DD6238D81C8B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{6DB22625-9CF1-47BA-BBAF-389C710F9A14}c:\\miranda pack\\mir4nda-im-0.7.10-pack-v2.1\\miranda32.exe"= UDP:c:\miranda pack\mir4nda-im-0.7.10-pack-v2.1\miranda32.exe:Miranda IM
"UDP Query User{C2B277C6-476A-46D6-98AF-7F7BAD9057BF}c:\\miranda pack\\mir4nda-im-0.7.10-pack-v2.1\\miranda32.exe"= TCP:c:\miranda pack\mir4nda-im-0.7.10-pack-v2.1\miranda32.exe:Miranda IM
"TCP Query User{60F20238-E1DD-47F0-A235-6EF37120CC1F}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{6F96614A-2532-4974-AF1A-EE207568E782}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{A872CAF5-4222-43A3-8A56-388217C167E3}c:\\program files\\mobiola web camera for s60\\backup\\webcam.exe"= UDP:c:\program files\mobiola web camera for s60\backup\webcam.exe:Mobiola Web Camera
"UDP Query User{F03976A4-5559-4085-BAAD-6ED5A6553DDE}c:\\program files\\mobiola web camera for s60\\backup\\webcam.exe"= TCP:c:\program files\mobiola web camera for s60\backup\webcam.exe:Mobiola Web Camera
"TCP Query User{BC4A290F-99E7-4324-84F1-19C225842EA0}c:\\program files\\mobiola web camera for s60\\webcam.exe"= UDP:c:\program files\mobiola web camera for s60\webcam.exe:Mobiola Web Camera
"UDP Query User{1490982E-E1D8-4457-B95C-59A4321A61AA}c:\\program files\\mobiola web camera for s60\\webcam.exe"= TCP:c:\program files\mobiola web camera for s60\webcam.exe:Mobiola Web Camera
"TCP Query User{CDFB9F09-AF8F-481B-9200-D8D6ABF33EEB}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:flashget
"UDP Query User{72AB7930-0381-48F9-AD1E-89E9A11727C0}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:flashget

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashGet\\FlashGet.exe"= c:\program files\FlashGet\FlashGet.exe:*:Enabled:Flashget2
"c:\\Program Files\\FlashGet\\LiveUpdate.exe"= c:\program files\FlashGet\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"c:\\Program Files\\FlashGet\\LiveUpdateEx.exe"= c:\program files\FlashGet\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx

R0 Shockprf;Shockprf;c:\windows\System32\drivers\ApsX86.sys [15. 5. 2008 1:21 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [15. 5. 2008 1:21 19496]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [20. 5. 2008 4:12 13480]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15. 1. 2009 17:17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15. 1. 2009 17:17 55024]
R1 TPPWRIF;TPPWRIF;c:\windows\System32\drivers\TPPWR32V.SYS [6. 9. 2008 6:14 11552]
R2 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe [10. 4. 2008 21:55 36864]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\System32\AtService.exe [26. 10. 2008 19:33 1676536]
R2 dtsvc;Data Transfer Service;c:\windows\System32\DTS.exe [26. 10. 2008 19:38 98304]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [24. 10. 2008 21:51 468224]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24. 11. 2008 23:31 29263712]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [6. 9. 2008 6:14 66848]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [20. 5. 2008 4:00 58736]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [6. 1. 2009 13:46 603904]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [6. 6. 2008 18:26 520192]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [26. 10. 2008 20:37 482176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [6. 9. 2008 5:24 181760]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\System32\drivers\gHidPnp.sys [24. 12. 2008 14:35 17408]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [1. 4. 2009 21:27 4232704]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\System32\drivers\tvti2c.sys [23. 2. 2008 0:54 37312]
S1 tvtumon;tvtumon;c:\windows\System32\drivers\tvtumon.sys [25. 5. 2008 0:28 48192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [25. 5. 2008 0:28 360448]
S3 ADMonitor;AD Monitor;c:\windows\System32\ADMonitor.exe [26. 10. 2008 19:38 106496]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [6. 9. 2008 5:54 29736]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\System32\drivers\gMouUsb.sys [24. 12. 2008 14:35 9856]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15. 1. 2009 17:17 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5. 2. 2009 20:08 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]

2009-06-08 c:\windows\Tasks\User_Feed_Synchronization-{1EDDAC56-3FA6-48AD-8608-69A501972711}.job
- c:\windows\system32\msfeedssync.exe [2009-05-22 11:31]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Download All by FlashGet - c:\program files\FlashGet\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet\ComDlls\Bholink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
FF - ProfilePath - c:\users\NTB\AppData\Roaming\Mozilla\Firefox\Profiles\ce6lw6hn.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 22:14
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.032"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.abr"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ani"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.arw"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bay"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bmp"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bw"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cr2"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.crw"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cs1"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cur"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcr"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcx"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dib"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djv"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djvu"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dng"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.emf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.eps"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.erf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fff"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fpx"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.gif"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.hdr"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icl"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icn"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iff"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ilbm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.int"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.inta"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iw4"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2c"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2k"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jbr"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jfif"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jif"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jp2"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpc"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpe"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpeg"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpg"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpk"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpx"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.kdc"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.lbm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mef"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mos"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mrw"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.nef"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.orf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbr"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcd"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pct"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcx"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pef"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pgm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pic"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pict"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pix"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.png"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ppm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psd"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psp"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspbrush"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspimage"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ras"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raw"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgb"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgba"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rsb"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sgi"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sr2"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.srf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tga"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.thm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tif"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tiff"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25po"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25pp"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25ppf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbmp"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wmf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xbm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xif"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xmp"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xpm"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1264)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_interface.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\wlanext.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\oodag.exe
c:\program files\Apoint2K\Apoint.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\ApntEx.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\conime.exe
c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\windows\System32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
c:\program files\ThinkVantage\PrdCtr\LPMLCHK.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe
c:\program files\Lenovo\Client Security Solution\password_manager.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\ThinkPad\Utilities\PWMUIAux.EXE
.
**************************************************************************
.
Completion time: 2009-06-08 22:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 20:19
ComboFix2.txt 2009-02-05 21:11

Pre-Run: Volných bajtů: 11 862 016 000
Post-Run: Volných bajtů: 11 840 106 496

616 --- E O F --- 2009-05-28 05:57

Tom8sh16
Visitor
Posts: 260
Joined: 12 Apr 2009 09:43

Re: Preventive check

#4 Post by Tom8sh16 »

Hello,

Move ComboFix to the desktop.

:!: The following step requires administrator rights :!:

Open Notepad and copy the following text into it:

Code:

RegNull::
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25po\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25pp\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25ppf\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
Save the file to the desktop as CFScript.txt and, as shown in the picture, drag it onto ComboFix:
Image
ComboFix will start and execute the command from the script; then post the new log.
RSIT | OTMoveIt3 | Avenger | RootRepeal | GMER | AVPTool | CCleaner | T-Cleaner | ATF Cleaner | Win XP Manager | SVI
-------------------------------------------------------------------------------------------
Do not experiment; if you are unsure about something -> ask!
If you want help with your PC, do only what I write and do not do anything ahead of time!
Back up your important data before disinfecting the computer!
| >>Support viry.cz<<
:!: Do not use ComboFix unless asked to; incorrect handling can damage or destroy the system :!:

eMeL
Visitor
Posts: 21
Joined: 27 Jan 2009 14:16

Re: Preventive check

#5 Post by eMeL »

Hello, I am attaching the new log from ComboFix.

ComboFix 09-06-09.06 - NTB . 06. 2009 17:24.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.421.1029.18.2025.659 [GMT 2:00]
Running from: c:\users\NTB\Desktop\ComboFix.exe
Command switches used :: c:\users\NTB\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-10 15:27 . 2009-06-10 15:27 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-06-10 15:27 . 2009-06-10 15:27 -------- d-----w- C:\temp
2009-06-10 15:27 . 2009-06-10 15:27 -------- d-----w- \temp
2009-06-10 15:21 . 2009-06-10 15:27 -------- d-s---w- \ComboFix
2009-06-08 20:10 . 2009-06-10 15:27 -------- d-----w- c:\users\NTB\AppData\Local\temp
2009-06-07 08:24 . 2009-06-07 08:24 -------- d-----w- C:\rsit
2009-06-07 08:24 . 2009-06-07 08:24 -------- d-----w- \rsit
2009-06-01 05:59 . 2009-06-01 05:59 -------- d-----w- c:\users\NTB\AppData\Roaming\Corel
2009-06-01 05:58 . 2009-06-01 05:58 -------- d-----w- c:\programdata\InstallShield
2009-06-01 05:57 . 2009-06-01 05:57 -------- d-----w- c:\program files\Common Files\Corel
2009-06-01 05:56 . 2009-06-01 05:56 -------- d-----w- c:\program files\Corel
2009-05-12 12:16 . 2009-05-12 12:18 -------- d--h--w- c:\windows\msdownld.tmp
2009-05-12 11:45 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-05-12 11:44 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-12 11:44 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-12 11:44 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-05-12 11:44 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-05-12 11:44 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-05-12 11:44 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll
2009-05-12 11:44 . 2009-04-02 13:21 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-12 11:44 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-05-12 11:44 . 2009-05-12 11:44 -------- d-----w- c:\users\NTB\AppData\Local\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 14:39 . 2008-09-06 03:50 2124447744 --sha-w- \hiberfil.sys
2009-06-10 14:39 . 2008-09-06 03:42 2438217728 --sha-w- \pagefile.sys
2009-06-10 10:34 . 2008-09-06 03:48 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-09 18:02 . 2008-12-22 23:16 -------- d-----w- c:\users\NTB\AppData\Roaming\Skype
2009-06-09 16:51 . 2008-12-22 23:18 -------- d-----w- c:\users\NTB\AppData\Roaming\skypePM
2009-06-09 13:58 . 2008-09-06 03:31 639960 ----a-w- c:\windows\system32\perfh005.dat
2009-06-09 13:58 . 2008-09-06 03:31 133266 ----a-w- c:\windows\system32\perfc005.dat
2009-06-01 08:10 . 2008-12-22 22:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-01 05:59 . 2008-12-22 20:02 101432 ----a-w- c:\users\NTB\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 05:56 . 2008-09-06 03:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-24 11:13 . 2009-03-12 18:59 117760 ----a-w- c:\users\NTB\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-22 13:38 . 2008-09-06 04:24 -------- d-----w- c:\programdata\Microsoft Help
2009-05-22 13:36 . 2008-12-23 23:18 -------- d-----w- c:\program files\Microsoft Works
2009-05-19 16:53 . 2008-12-22 22:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-14 08:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-12 11:45 . 2008-12-22 22:43 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-11 21:43 . 2009-01-09 22:48 -------- d-----w- c:\users\NTB\AppData\Roaming\dvdcss
2009-05-02 10:05 . 2008-12-24 11:54 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 2
2009-04-25 10:56 . 2009-01-10 19:15 -------- d-----w- c:\program files\FlashGet
2009-04-25 10:24 . 2009-04-25 10:24 -------- d-----w- c:\program files\Cisco
2009-04-25 10:24 . 2009-04-25 10:24 -------- d-----w- c:\program files\Common Files\Intel
2009-04-25 10:24 . 2009-04-25 10:24 -------- d-----w- c:\programdata\Intel
2009-04-13 09:41 . 2009-04-13 09:37 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-04-13 09:39 . 2009-04-13 09:39 -------- d-----w- c:\users\NTB\AppData\Roaming\ACD Systems
2009-04-13 09:37 . 2009-04-13 09:37 -------- d-----w- c:\programdata\ACD Systems
2009-04-13 09:37 . 2009-04-13 09:37 -------- d-----w- c:\program files\ACD Systems
2009-03-17 03:38 . 2009-04-15 12:50 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 12:50 24064 ----a-w- c:\windows\system32\amxread.dll
2008-09-06 03:33 . 2008-09-06 03:31 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-06-08_20.14.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-06-10 14:42 54074 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-21 01:58 . 2009-06-08 15:11 54074 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-22 18:52 . 2009-06-10 14:42 11846 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1094253716-645892524-681535231-1003_UserData.bin
+ 2008-12-22 23:09 . 2009-06-09 22:22 4648 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-12-22 23:09 . 2009-06-07 21:54 4648 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-06-10 14:39 . 2009-06-10 14:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-08 20:13 . 2009-06-08 20:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-08 20:13 . 2009-06-08 20:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-10 14:39 . 2009-06-10 14:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-22 19:51 . 2009-06-09 20:31 423724 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2009-06-10 14:42 112316 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 10:33 . 2009-06-08 11:10 636790 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-09 13:58 636790 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-08 11:10 119616 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-06-09 13:58 119616 c:\windows\System32\perfc009.dat
+ 2008-12-22 22:09 . 2009-06-09 22:22 4167872 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-01-07 60704]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-01-15 644384]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-01-15 214576]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 431392]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-10-27 148768]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-09-01 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-09-01 124248]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe" [2008-10-26 1527808]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe" [2004-06-22 729088]
"TpShocks"="TpShocks.exe" - c:\windows\System32\TpShocks.exe [2008-06-07 181536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TVT Scheduler Proxy"=c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1094253716-645892524-681535231-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{70B06AAD-E6CE-4E1C-9AA3-C476B34138C1}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{69E7105F-E399-4540-A106-68243326302F}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"{848D951E-EBFC-4688-B0EE-EE8287B9E8B9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{53FA28B4-C0A5-457E-B48A-DD6238D81C8B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{6DB22625-9CF1-47BA-BBAF-389C710F9A14}c:\\miranda pack\\mir4nda-im-0.7.10-pack-v2.1\\miranda32.exe"= UDP:c:\miranda pack\mir4nda-im-0.7.10-pack-v2.1\miranda32.exe:Miranda IM
"UDP Query User{C2B277C6-476A-46D6-98AF-7F7BAD9057BF}c:\\miranda pack\\mir4nda-im-0.7.10-pack-v2.1\\miranda32.exe"= TCP:c:\miranda pack\mir4nda-im-0.7.10-pack-v2.1\miranda32.exe:Miranda IM
"TCP Query User{60F20238-E1DD-47F0-A235-6EF37120CC1F}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{6F96614A-2532-4974-AF1A-EE207568E782}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{A872CAF5-4222-43A3-8A56-388217C167E3}c:\\program files\\mobiola web camera for s60\\backup\\webcam.exe"= UDP:c:\program files\mobiola web camera for s60\backup\webcam.exe:Mobiola Web Camera
"UDP Query User{F03976A4-5559-4085-BAAD-6ED5A6553DDE}c:\\program files\\mobiola web camera for s60\\backup\\webcam.exe"= TCP:c:\program files\mobiola web camera for s60\backup\webcam.exe:Mobiola Web Camera
"TCP Query User{BC4A290F-99E7-4324-84F1-19C225842EA0}c:\\program files\\mobiola web camera for s60\\webcam.exe"= UDP:c:\program files\mobiola web camera for s60\webcam.exe:Mobiola Web Camera
"UDP Query User{1490982E-E1D8-4457-B95C-59A4321A61AA}c:\\program files\\mobiola web camera for s60\\webcam.exe"= TCP:c:\program files\mobiola web camera for s60\webcam.exe:Mobiola Web Camera
"TCP Query User{CDFB9F09-AF8F-481B-9200-D8D6ABF33EEB}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:flashget
"UDP Query User{72AB7930-0381-48F9-AD1E-89E9A11727C0}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:flashget

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashGet\\FlashGet.exe"= c:\program files\FlashGet\FlashGet.exe:*:Enabled:Flashget2
"c:\\Program Files\\FlashGet\\LiveUpdate.exe"= c:\program files\FlashGet\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"c:\\Program Files\\FlashGet\\LiveUpdateEx.exe"= c:\program files\FlashGet\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx

R0 Shockprf;Shockprf;c:\windows\System32\drivers\ApsX86.sys [15. 5. 2008 1:21 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [15. 5. 2008 1:21 19496]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [20. 5. 2008 4:12 13480]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15. 1. 2009 17:17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15. 1. 2009 17:17 55024]
R1 TPPWRIF;TPPWRIF;c:\windows\System32\drivers\TPPWR32V.SYS [6. 9. 2008 6:14 11552]
R2 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe [10. 4. 2008 21:55 36864]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\System32\AtService.exe [26. 10. 2008 19:33 1676536]
R2 dtsvc;Data Transfer Service;c:\windows\System32\DTS.exe [26. 10. 2008 19:38 98304]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [24. 10. 2008 21:51 468224]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24. 11. 2008 23:31 29263712]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [6. 9. 2008 6:14 66848]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [20. 5. 2008 4:00 58736]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [6. 1. 2009 13:46 603904]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [6. 6. 2008 18:26 520192]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [26. 10. 2008 20:37 482176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [6. 9. 2008 5:24 181760]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\System32\drivers\gHidPnp.sys [24. 12. 2008 14:35 17408]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [1. 4. 2009 21:27 4232704]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\System32\drivers\tvti2c.sys [23. 2. 2008 0:54 37312]
S1 tvtumon;tvtumon;c:\windows\System32\drivers\tvtumon.sys [25. 5. 2008 0:28 48192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [25. 5. 2008 0:28 360448]
S3 ADMonitor;AD Monitor;c:\windows\System32\ADMonitor.exe [26. 10. 2008 19:38 106496]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [6. 9. 2008 5:54 29736]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\System32\drivers\gMouUsb.sys [24. 12. 2008 14:35 9856]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15. 1. 2009 17:17 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5. 2. 2009 20:08 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-12-12 23:32]

2009-06-09 c:\windows\Tasks\User_Feed_Synchronization-{1EDDAC56-3FA6-48AD-8608-69A501972711}.job
- c:\windows\system32\msfeedssync.exe [2009-05-22 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Download All by FlashGet - c:\program files\FlashGet\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet\ComDlls\Bholink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
FF - ProfilePath - c:\users\NTB\AppData\Roaming\Mozilla\Firefox\Profiles\ce6lw6hn.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.1 Beta 2\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 17:27
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.032"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.abr"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ani"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.arw"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bay"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bmp"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bw"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cr2"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.crw"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cs1"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cur"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcr"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcx"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dib"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djv"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djvu"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dng"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.emf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.eps"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.erf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fff"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fpx"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.gif"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.hdr"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icl"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icn"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iff"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ilbm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.int"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.inta"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iw4"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2c"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2k"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jbr"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jfif"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jif"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jp2"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpc"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpe"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpeg"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpg"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpk"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpx"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.kdc"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.lbm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mef"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mos"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mrw"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.nef"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.orf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbr"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcd"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pct"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcx"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pef"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pgm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pic"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pict"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pix"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.png"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ppm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psd"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psp"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspbrush"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspimage"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ras"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raw"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgb"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgba"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rsb"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sgi"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sr2"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.srf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tga"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.thm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tif"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tiff"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25po"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25pp"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25ppf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbmp"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wmf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xbm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xif"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xmp"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xpm"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4856)
c:\program files\RocketDock\RocketDock.dll
.
Completion time: 2009-06-10 17:29
ComboFix-quarantined-files.txt 2009-06-10 15:29
ComboFix2.txt 2009-06-08 20:19
ComboFix3.txt 2009-02-05 21:11

Pre-Run: 8 133 656 576
Post-Run: 8 211 050 496

575 --- E O F --- 2009-05-28 05:57

Tom8sh16
Visitor
Posts: 260
Registered: 12 Apr 2009 09:43

Re: Preventive check

#6 Post by Tom8sh16 »

Good evening, everything looks OK :)

Use T-Cleaner, see my signature.
To confirm, always press the A key or Enter (the utility may be flagged by the antivirus as a virus - delete it after use).

and also ATF Cleaner :arrow:

http://www.atribune.org/ccount/click.php?id=1
After running the downloaded file, a window appears:
[Image]
Tick Select All, click Empty Selected + all active tabs (at the top) - Main, Firefox + Opera, and then Exit

Then just restart the PC :-)

And that's all :James008:
RSIT | OTMoveIt3 | Avenger | RootRepeal | GMER | AVPTool | CCleaner | T-Cleaner | ATF Cleaner | Win XP Manager | SVI
-------------------------------------------------------------------------------------------
Don't experiment; if you are unsure about something -> ask!
If you want help with your PC, do only what I write and don't do anything ahead of time!
Before disinfecting the computer, back up your important data!
| >>Support viry.cz<<
:!: Do not use ComboFix unless asked to; improper handling can damage or destroy the system :!:

eMeL
Visitor
Posts: 21
Registered: 27 Jan 2009 14:16

Re: Preventive check

#7 Post by eMeL »

Hello, I would like to ask for a check of my RSIT log, because the notebook is behaving a bit strangely and won't shut down; I have to switch it off manually. Otherwise it handles a restart and a shutdown before logging in normally. Thank you very much for your help; I am attaching the RSIT log.

Logfile of random's system information tool 1.06 (written by random/random)
Run by NTB at 2009-12-10 07:45:07
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 37 GB (26%) free of 141 GB
Total RAM: 1977 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:30, on 10. 12. 2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Windows\System32\oodtray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\T-Mobile Communication Centre\TMCC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Users\NTB\Desktop\TRANSLAT\WDICT32.EXE
C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\NTB\Downloads\RSIT.exe
C:\Program Files\HijackThis\NTB.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet\ComDlls\bhoCATCH.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: T-Mobile Communication Centre.lnk = C:\Program Files\T-Mobile Communication Centre\TMCC.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet\ComDlls\Bholink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe
O23 - Service: Alps Application Launcher Service (ApRunSvc) - Unknown owner - C:\Program Files\Apoint2K\ApRunSvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Windows\system32\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Mobility Manager Service (FMMService) - Flarion Technologies, Inc. - C:\PROGRA~1\T-MOBI~1\drivers\A96FED~1\FMMSER~1.EXE
O23 - Service: FOFDM Upgrade (FOFDMUpgrade) - Paradoxx Software - C:\PROGRA~1\T-MOBI~1\FOFDMU~1.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12281 bytes

======Scheduled tasks folder======

C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\User_Feed_Synchronization-{1EDDAC56-3FA6-48AD-8608-69A501972711}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - C:\Program Files\FlashGet\ComDlls\bhoCATCH.dll [2008-08-19 104016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2009-03-04 816440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"=C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe [2009-05-29 61728]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2009-02-02 181536]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2009-03-13 68976]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-10-08 256576]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog []
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2009-04-24 435488]
"ACWlIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe [2009-04-24 177440]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2009-03-04 3093816]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2009-01-29 185688]
"LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2009-01-29 124248]
"FingerPrintSoftware"=C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [2009-03-19 1527808]
"OODefragTray"=C:\Windows\system32\oodtray.exe [2008-11-03 2540800]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-02-26 992816]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-10-24 1451264]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-05-25 487424]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27 49976]
"LENOVO.TPFNF6R"=C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [2009-04-14 15136]
"AMSG"=C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe [2009-04-29 424512]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioCentre]
C:\Genius\ioCentre\gTaskBar.exe [2007-12-17 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LenovoWelcomeRegistration]
C:\Program Files\Lenovo\Lenovo Welcome\ContentProviders\RegistrationContentProvider\RegistrationEngine\RegistrationEngine.exe [2008-07-16 47416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-02 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe [2008-03-17 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
C:\PROGRA~1\WESTER~1\WDSMAR~1\WDDRIV~1\WDDMST~1.EXE [2009-11-05 2057536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
C:\PROGRA~1\WESTER~1\WDSMAR~1\FRONTP~1\WDSMAR~1.EXE [2009-11-05 9116480]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
T-Mobile Communication Centre.lnk - C:\Program Files\T-Mobile Communication Centre\TMCC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet\FlashGet.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet\LiveUpdate.exe"="C:\Program Files\FlashGet\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet\LiveUpdateEx.exe"="C:\Program Files\FlashGet\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-10 07:45:07 ----D---- C:\rsit
2009-12-09 15:58:13 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-09 15:58:09 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 13:03:08 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 13:03:00 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 13:02:58 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 13:02:57 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 13:02:57 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 13:02:56 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 13:02:56 ----A---- C:\Windows\system32\occache.dll
2009-12-09 13:02:56 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 13:02:56 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 13:02:54 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 13:02:54 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 13:02:54 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 13:02:54 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 13:02:53 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 13:02:53 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 13:02:53 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 13:02:53 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 13:02:52 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 13:02:52 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 13:01:43 ----A---- C:\Windows\system32\rastls.dll
2009-11-26 09:57:01 ----A---- C:\Windows\system32\tzres.dll
2009-11-26 09:56:01 ----D---- C:\Program Files\MSXML 4.0
2009-11-26 01:26:52 ----D---- C:\Program Files\Rockstar Games
2009-11-25 12:08:43 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 12:08:42 ----A---- C:\Windows\system32\msxml3.dll
2009-11-21 01:04:06 ----D---- C:\Program Files\Western Digital
2009-11-21 01:00:18 ----D---- C:\Users\NTB\AppData\Roaming\Western DigitalTemp
2009-11-21 01:00:05 ----D---- C:\ProgramData\Western Digital
2009-11-21 00:50:48 ----D---- C:\Users\NTB\AppData\Roaming\Western Digital
2009-11-19 02:26:40 ----D---- C:\Program Files\Windows Portable Devices
2009-11-18 15:05:13 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-18 15:05:12 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-18 15:05:11 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-18 15:04:20 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-18 15:04:18 ----A---- C:\Windows\system32\cdd.dll
2009-11-18 15:04:13 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-18 15:04:13 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-18 15:04:13 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-18 15:04:13 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-18 15:04:13 ----A---- C:\Windows\system32\d2d1.dll
2009-11-18 15:04:12 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-18 15:04:12 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-18 15:04:12 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-18 15:04:12 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-18 15:04:12 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-18 15:04:12 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-18 15:04:12 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-18 15:04:12 ----A---- C:\Windows\system32\FntCache.dll
2009-11-18 15:04:12 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-18 15:04:12 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-18 15:04:12 ----A---- C:\Windows\system32\DWrite.dll
2009-11-18 15:04:12 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-18 15:04:12 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-18 15:04:11 ----A---- C:\Windows\system32\dxgi.dll
2009-11-18 15:04:11 ----A---- C:\Windows\system32\d3d11.dll
2009-11-18 15:04:11 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-18 15:04:11 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-18 15:04:11 ----A---- C:\Windows\system32\d3d10.dll
2009-11-18 15:03:14 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-18 15:03:14 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-18 15:03:13 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-18 15:03:11 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-18 15:03:07 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-11-18 15:03:07 ----A---- C:\Windows\system32\WpdConns.dll
2009-11-18 15:03:06 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-18 15:03:06 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-18 15:03:06 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-18 15:03:06 ----A---- C:\Windows\system32\WpdMtp.dll
2009-11-18 15:03:06 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-18 15:03:06 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-18 15:03:06 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-18 15:03:06 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-18 15:03:06 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-18 14:59:37 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-18 14:59:35 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-18 14:59:35 ----A---- C:\Windows\system32\oleacc.dll
2009-11-17 11:33:59 ----A---- C:\Windows\system32\javaws.exe
2009-11-17 11:33:59 ----A---- C:\Windows\system32\javaw.exe
2009-11-17 11:33:59 ----A---- C:\Windows\system32\java.exe
2009-11-12 00:38:36 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-11 01:24:52 ----D---- C:\Windows\system32\eu-ES
2009-11-11 01:24:52 ----D---- C:\Windows\system32\ca-ES
2009-11-11 01:24:45 ----D---- C:\Windows\system32\vi-VN

======List of files/folders modified in the last 1 months======

2009-12-10 07:45:28 ----D---- C:\Windows\temp
2009-12-10 07:45:09 ----D---- C:\Program Files\HijackThis
2009-12-10 07:08:28 ----D---- C:\Windows\tracing
2009-12-10 07:08:15 ----A---- C:\sysiclog.txt
2009-12-09 16:22:03 ----D---- C:\Windows\rescache
2009-12-09 16:17:13 ----D---- C:\Windows\winsxs
2009-12-09 16:07:05 ----D---- C:\Windows\system32\catroot
2009-12-09 16:01:53 ----D---- C:\Windows\system32\migration
2009-12-09 16:01:53 ----D---- C:\Windows\System32
2009-12-09 16:01:50 ----D---- C:\Windows\system32\cs-CZ
2009-12-09 16:01:50 ----D---- C:\Program Files\Internet Explorer
2009-12-09 16:01:49 ----D---- C:\Windows\system32\drivers
2009-12-09 16:01:49 ----D---- C:\Program Files\Windows Mail
2009-12-09 16:00:26 ----SHD---- C:\Windows\Installer
2009-12-09 16:00:23 ----D---- C:\ProgramData\Microsoft Help
2009-12-09 15:58:56 ----D---- C:\Windows\system32\catroot2
2009-12-09 15:55:39 ----D---- C:\Windows\Debug
2009-12-09 15:54:15 ----SHD---- C:\System Volume Information
2009-12-09 13:17:24 ----D---- C:\Windows\Prefetch
2009-12-09 10:58:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-09 10:58:10 ----D---- C:\Windows\inf
2009-12-08 15:53:08 ----AD---- C:\Windows
2009-12-05 14:53:03 ----D---- C:\Users\NTB\AppData\Roaming\Skype
2009-12-05 13:50:46 ----D---- C:\Users\NTB\AppData\Roaming\skypePM
2009-12-04 02:08:13 ----D---- C:\Users\NTB\AppData\Roaming\LimeWire
2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-29 15:45:56 ----D---- C:\Users\NTB\AppData\Roaming\vlc
2009-11-29 15:44:17 ----D---- C:\Users\NTB\AppData\Roaming\dvdcss
2009-11-29 13:52:47 ----D---- C:\Windows\pss
2009-11-26 09:56:01 ----RD---- C:\Program Files
2009-11-26 01:26:50 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-21 01:00:05 ----HD---- C:\ProgramData
2009-11-21 00:36:39 ----D---- C:\Windows\system32\Tasks
2009-11-19 02:26:39 ----D---- C:\Windows\system32\wbem
2009-11-19 02:26:36 ----D---- C:\Windows\system32\zh-HK
2009-11-19 02:26:36 ----D---- C:\Windows\system32\uk-UA
2009-11-19 02:26:36 ----D---- C:\Windows\system32\sl-SI
2009-11-19 02:26:36 ----D---- C:\Windows\system32\pt-PT
2009-11-19 02:26:36 ----D---- C:\Windows\system32\pt-BR
2009-11-19 02:26:36 ----D---- C:\Windows\system32\pl-PL
2009-11-19 02:26:36 ----D---- C:\Windows\system32\ko-KR
2009-11-19 02:26:36 ----D---- C:\Windows\system32\it-IT
2009-11-19 02:26:36 ----D---- C:\Windows\system32\hu-HU
2009-11-19 02:26:36 ----D---- C:\Windows\system32\hr-HR
2009-11-19 02:26:36 ----D---- C:\Windows\system32\he-IL
2009-11-19 02:26:36 ----D---- C:\Windows\system32\el-GR
2009-11-19 02:26:36 ----D---- C:\Windows\system32\bg-BG
2009-11-19 02:26:35 ----D---- C:\Windows\system32\zh-TW
2009-11-19 02:26:35 ----D---- C:\Windows\system32\zh-CN
2009-11-19 02:26:35 ----D---- C:\Windows\system32\tr-TR
2009-11-19 02:26:35 ----D---- C:\Windows\system32\th-TH
2009-11-19 02:26:35 ----D---- C:\Windows\system32\sv-SE
2009-11-19 02:26:35 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-19 02:26:35 ----D---- C:\Windows\system32\sk-SK
2009-11-19 02:26:35 ----D---- C:\Windows\system32\ru-RU
2009-11-19 02:26:35 ----D---- C:\Windows\system32\ro-RO
2009-11-19 02:26:35 ----D---- C:\Windows\system32\nl-NL
2009-11-19 02:26:35 ----D---- C:\Windows\system32\nb-NO
2009-11-19 02:26:35 ----D---- C:\Windows\system32\lv-LV
2009-11-19 02:26:35 ----D---- C:\Windows\system32\lt-LT
2009-11-19 02:26:35 ----D---- C:\Windows\system32\ja-JP
2009-11-19 02:26:35 ----D---- C:\Windows\system32\fr-FR
2009-11-19 02:26:35 ----D---- C:\Windows\system32\fi-FI
2009-11-19 02:26:35 ----D---- C:\Windows\system32\et-EE
2009-11-19 02:26:35 ----D---- C:\Windows\system32\es-ES
2009-11-19 02:26:35 ----D---- C:\Windows\system32\en-US
2009-11-19 02:26:35 ----D---- C:\Windows\system32\de-DE
2009-11-19 02:26:35 ----D---- C:\Windows\system32\da-DK
2009-11-19 02:26:35 ----D---- C:\Windows\system32\ar-SA
2009-11-17 11:33:58 ----D---- C:\Program Files\Java
2009-11-14 03:09:10 ----D---- C:\Windows\Microsoft.NET
2009-11-14 03:08:46 ----RSD---- C:\Windows\assembly
2009-11-11 01:27:15 ----D---- C:\Program Files\Windows Calendar
2009-11-11 01:27:14 ----D---- C:\Program Files\Movie Maker
2009-11-11 01:27:13 ----D---- C:\Program Files\Windows Sidebar
2009-11-11 01:27:13 ----D---- C:\Program Files\Windows Media Player
2009-11-11 01:27:12 ----D---- C:\Program Files\Windows Collaboration
2009-11-11 01:27:11 ----D---- C:\Program Files\Windows Journal
2009-11-11 01:27:08 ----D---- C:\Program Files\Windows Photo Gallery
2009-11-11 01:27:08 ----D---- C:\Program Files\Common Files\System
2009-11-11 01:26:59 ----D---- C:\Program Files\Windows Defender
2009-11-11 01:26:58 ----D---- C:\Windows\servicing
2009-11-11 01:26:41 ----D---- C:\Windows\PolicyDefinitions
2009-11-11 01:26:41 ----D---- C:\Windows\IME
2009-11-11 01:26:40 ----D---- C:\Windows\system32\XPSViewer
2009-11-11 01:26:39 ----D---- C:\Windows\system32\oobe
2009-11-11 01:26:35 ----D---- C:\Windows\system32\setup
2009-11-11 01:26:35 ----D---- C:\Windows\system32\cs
2009-11-11 01:26:35 ----D---- C:\Windows\system32\AdvancedInstallers
2009-11-11 01:26:29 ----D---- C:\Windows\system32\SLUI
2009-11-11 01:26:28 ----D---- C:\Windows\system32\manifeststore
2009-11-11 01:26:13 ----D---- C:\Windows\system32\migwiz
2009-11-11 01:25:03 ----RSD---- C:\Windows\Fonts
2009-11-11 01:25:03 ----D---- C:\Windows\AppPatch
2009-11-11 01:24:45 ----D---- C:\Windows\system32\Boot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744]
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2008-10-24 54280]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2008-05-24 73728]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-02 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [2009-04-16 11552]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2008-10-24 73224]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-04-09 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2009-01-07 33536]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-03-07 154672]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-23 3698688]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-03-19 482176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-11-29 181760]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2009-05-08 455168]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\Windows\System32\Drivers\gHidPnp.Sys [2008-11-12 17408]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2008-03-26 40832]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-03-25 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-03-25 207872]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2009-03-19 25000]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2008-09-25 31680]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-21 45624]
R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-03-25 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S1 tvtumon;tvtumon; C:\Windows\system32\DRIVERS\tvtumon.sys [2008-05-24 48192]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-03-17 81960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-03-17 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-03-17 17320]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]
S3 FlrnUSB;Leadtek USB Network Interface; C:\Windows\system32\DRIVERS\LtkUSB.sys [2009-09-28 41907]
S3 gMouUsb;USB Mouse Device Drv; C:\Windows\system32\DRIVERS\gMouUsb.sys [2007-07-20 9856]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 IKFileSec;File Security Driver; C:\Windows\system32\drivers\ikfilesec.sys [2009-02-05 40840]
S3 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2009-02-05 66952]
S3 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2009-02-05 81288]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-04-19 128104]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2009-04-24 124192]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2009-04-24 238880]
R2 ApRunSvc;Alps Application Launcher Service; C:\Program Files\Apoint2K\ApRunSvc.exe [2007-07-23 36864]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-06-23 692224]
R2 ATService;AuthenTec Fingerprint Service; C:\Windows\system32\AtService.exe [2009-03-19 1680632]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2008-03-17 518696]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 dtsvc;Data Transfer Service; C:\Windows\system32\DTS.exe [2009-03-19 98304]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-02-27 870672]
R2 FMMService;Mobility Manager Service; C:\PROGRA~1\T-MOBI~1\drivers\A96FED~1\FMMSER~1.EXE [2009-09-28 40960]
R2 FOFDMUpgrade;FOFDM Upgrade; C:\PROGRA~1\T-MOBI~1\FOFDMU~1.EXE [2009-04-06 180224]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2009-03-19 38176]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2008-11-03 1332480]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-04-16 66848]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-02-27 473360]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2008-10-20 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2009-03-04 750904]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG.exe [2009-01-28 39976]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2009-05-21 62320]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2009-03-04 779576]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-01-06 603904]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-06-06 520192]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2008-06-06 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-05-25 1155072]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 WDDMService;WD SmartWare Drive Manager; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-05 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2009-05-21 45424]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
S3 ADMonitor;AD Monitor; C:\Windows\system32\ADMonitor.exe [2009-03-19 106496]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 19200]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-02-05 1079176]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-01-06 360192]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------

Tom8sh16
Visitor
Posts: 260
Registered: 12 Apr 2009 09:43

Re: Preventive check

#8 Post by Tom8sh16 »

Good evening :)

Download ComboFix to your desktop.
▪ Before using ComboFix, it is recommended to turn off all resident security programs - antivirus, firewalls, antispyware. They can interfere with ComboFix's operation, which may cause it not to work correctly.
▪ After launching it, accept the terms of use.
▪ Then follow the instructions; while ComboFix is running, do not click in the windows that appear.
▪ After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here.
▪ ComboFix must be run under an account with administrator rights.
RSIT | OTMoveIt3 | Avenger | RootRepeal | GMER | AVPTool | CCleaner | T-Cleaner | ATF Cleaner | Win XP Manager | SVI
-------------------------------------------------------------------------------------------
Do not experiment; if you are unsure about something -> ask!
If you want help with your PC, do only what I write and do not do anything ahead of time!
Before disinfecting the computer, back up your important data!
| >>Support viry.cz<<
:!: Do not use ComboFix unless asked to; improper handling can damage or destroy the system :!:

eMeL
Visitor
Posts: 21
Registered: 27 Jan 2009 14:16

Re: Preventive check

#9 Post by eMeL »

I am attaching the log from ComboFix.

ComboFix 09-12-11.05 - NTB . 12. 2009 1:34.4.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.421.1029.18.1977.1198 [GMT 1:00]
Running from: c:\users\NTB\Downloads\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\hkcrRT.reg

.
((((((((((((((((((((((((( Files Created from 2009-11-13 to 2009-12-13 )))))))))))))))))))))))))))))))
.

2009-12-13 00:41 . 2009-12-13 00:41 -------- d-----w- c:\users\NTB\AppData\Local\temp
2009-12-13 00:41 . 2009-12-13 00:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-13 00:41 . 2009-12-13 00:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-12-10 06:45 . 2009-12-10 06:45 -------- d-----w- C:\rsit
2009-12-09 14:58 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 14:58 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 14:58 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 12:03 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 12:01 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-11-26 08:57 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-26 08:56 . 2009-11-26 08:56 -------- d-----w- c:\program files\MSXML 4.0
2009-11-26 00:26 . 2009-11-26 00:26 -------- d-----w- c:\program files\Rockstar Games
2009-11-25 11:08 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 11:08 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-21 00:04 . 2009-11-21 00:04 -------- d-----w- c:\program files\Western Digital
2009-11-21 00:00 . 2009-11-21 00:05 -------- d-----w- c:\users\NTB\AppData\Roaming\Western DigitalTemp
2009-11-21 00:00 . 2009-11-21 00:05 -------- d-----w- c:\users\NTB\AppData\Local\Western DigitalTemp
2009-11-21 00:00 . 2009-11-21 00:00 -------- d-----w- c:\programdata\Western Digital
2009-11-20 23:51 . 2009-11-20 23:51 -------- d-----w- c:\users\NTB\AppData\Local\Western_Digital
2009-11-20 23:50 . 2009-11-20 23:50 -------- d-----w- c:\users\NTB\AppData\Roaming\Western Digital
2009-11-20 23:35 . 2009-11-20 23:35 -------- d-----w- c:\users\NTB\AppData\Local\Western Digital
2009-11-19 01:26 . 2009-11-19 01:26 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 14:05 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-18 14:05 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-18 14:05 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-18 14:03 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-18 13:59 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-18 13:59 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-18 13:59 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-13 00:22 . 2008-09-06 03:48 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-12 23:52 . 2009-02-16 12:54 680 ----a-w- c:\users\NTB\AppData\Local\d3d9caps.dat
2009-12-12 16:36 . 2009-08-29 12:27 -------- d-----w- c:\users\NTB\AppData\Roaming\vlc
2009-12-12 13:14 . 2008-12-22 23:16 -------- d-----w- c:\users\NTB\AppData\Roaming\Skype
2009-12-12 13:00 . 2008-12-22 23:18 -------- d-----w- c:\users\NTB\AppData\Roaming\skypePM
2009-12-09 15:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 15:00 . 2008-09-06 04:24 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 09:58 . 2008-09-06 03:31 639960 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 09:58 . 2008-09-06 03:31 133266 ----a-w- c:\windows\system32\perfc005.dat
2009-12-04 01:08 . 2009-09-18 23:54 -------- d-----w- c:\users\NTB\AppData\Roaming\LimeWire
2009-11-29 14:44 . 2009-01-09 22:48 -------- d-----w- c:\users\NTB\AppData\Roaming\dvdcss
2009-11-26 00:26 . 2008-09-06 03:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 06:40 . 2009-12-09 12:02 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 12:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 12:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 12:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 01:26 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-19 01:26 . 2009-11-19 01:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-19 01:26 . 2009-11-19 01:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-17 10:33 . 2008-09-06 04:10 -------- d-----w- c:\program files\Java
2009-11-11 00:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-11 00:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-11 00:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-11 00:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-11 00:27 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-11 00:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-07 12:08 . 2008-12-24 11:54 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 2
2009-10-27 05:27 . 2009-10-27 05:26 16134974 ----a-w- c:\users\NTB\AppData\Roaming\Paradoxx\PhoneReport\Updates\update_3.57.1.99.exe
2009-10-16 22:35 . 2008-09-06 04:27 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-11 03:17 . 2008-12-24 11:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-01 01:02 . 2009-11-18 14:03 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 14:03 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-18 14:03 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-18 14:03 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-18 14:03 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-18 14:03 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-18 14:03 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-18 14:03 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-18 14:03 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-18 14:03 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-18 14:03 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-18 14:03 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-18 14:03 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-18 14:03 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-18 14:03 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-28 13:12 . 2009-09-28 13:12 41907 ----a-w- c:\windows\system32\drivers\LtkUSB.sys
2009-09-25 02:10 . 2009-11-18 14:04 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-18 14:04 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-18 14:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-18 14:04 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-18 14:04 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-18 14:04 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-18 14:04 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-18 14:04 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-18 14:04 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-18 14:04 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-18 14:04 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-18 14:04 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-18 14:04 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-18 14:04 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-18 14:04 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-18 14:04 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-18 14:04 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-18 14:04 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-18 14:04 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:30 . 2009-11-18 14:04 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:27 . 2009-11-18 14:04 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-18 14:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-18 14:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-18 14:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-18 14:04 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-18 14:04 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-18 14:04 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29 . 2009-10-15 21:38 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2008-09-06 03:33 . 2008-09-06 03:31 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-12-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-05-29 61728]
"TpShocks"="TpShocks.exe" [2009-02-02 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-04-16 660768]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-04-16 214576]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-04-24 435488]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-04-24 177440]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-04 3093816]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-29 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-29 124248]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"AMSG"="c:\progra~1\THINKV~1\AMSG\Amsg.exe" [2009-04-29 424512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
T-Mobile Communication Centre.lnk - c:\program files\T-Mobile Communication Centre\TMCC.exe [2009-9-28 749568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioCentre]
2007-12-17 14:49 61440 ----a-w- c:\genius\ioCentre\gTaskBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LenovoWelcomeRegistration]
2008-07-16 18:26 47416 ------w- c:\program files\Lenovo\Lenovo Welcome\ContentProviders\RegistrationContentProvider\RegistrationEngine\RegistrationEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29 2221352 ------w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-05-30 14:54 21718312 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-04-02 17:07 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TVT Scheduler Proxy"=c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):75,23,d0,5b,91,62,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1094253716-645892524-681535231-1003]
"EnableNotificationsRef"=dword:00000001

R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [28. 1. 2009 16:57 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [20. 5. 2008 3:12 13480]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15. 1. 2009 16:17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15. 1. 2009 16:17 55024]
R2 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe [10. 4. 2008 20:55 36864]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\System32\AtService.exe [19. 3. 2009 3:48 1680632]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [24. 10. 2008 20:51 468224]
R2 FMMService;Mobility Manager Service;c:\progra~1\T-MOBI~1\drivers\A96FED~1\FMMSER~1.EXE [28. 9. 2009 14:12 40960]
R2 FOFDMUpgrade;FOFDM Upgrade;c:\progra~1\T-MOBI~1\FOFDMU~1.EXE [28. 9. 2009 14:12 180224]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [6. 9. 2008 5:14 66848]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [20. 5. 2008 3:00 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [6. 6. 2008 17:26 520192]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [5. 11. 2009 8:44 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16. 6. 2009 8:58 20480]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [19. 3. 2009 20:09 482176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [6. 9. 2008 4:24 181760]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\System32\drivers\gHidPnp.sys [24. 12. 2008 13:35 17408]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [1. 4. 2009 20:27 4232704]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\System32\drivers\tvti2c.sys [22. 2. 2008 23:54 37312]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam.sys [13. 2. 2009 11:02 11520]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [23. 12. 2008 11:38 717296]
S1 tvtumon;tvtumon;c:\windows\System32\drivers\tvtumon.sys [24. 5. 2008 23:28 48192]
S2 dtsvc;Data Transfer Service;c:\windows\System32\DTS.exe [19. 3. 2009 3:53 98304]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [21. 5. 2009 19:48 45424]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [24. 5. 2008 23:28 360448]
S3 ADMonitor;AD Monitor;c:\windows\System32\ADMonitor.exe [19. 3. 2009 3:52 106496]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [6. 9. 2008 4:54 29736]
S3 FlrnUSB;Leadtek USB Network Interface;c:\windows\System32\drivers\LtkUSB.sys [28. 9. 2009 14:12 41907]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21. 1. 2008 3:24 21504]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\System32\drivers\gMouUsb.sys [24. 12. 2008 13:35 9856]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15. 1. 2009 16:17 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5. 2. 2009 19:08 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Download All by FlashGet - c:\program files\FlashGet\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet\ComDlls\Bholink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\NTB\AppData\Roaming\Mozilla\Firefox\Profiles\ce6lw6hn.default\
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 2\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox 3.1 Beta 2\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-13 01:41
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
Completion time: 2009-12-13 01:43:18
ComboFix-quarantined-files.txt 2009-12-13 00:43

Pre-Run: Volných bajtů: 41 919 684 608
Post-Run: Volných bajtů: 41 876 828 160

- - End Of File - - F941B851074E83847A4AFCE8766F6C29

Tom8sh16
Návštěvník
Návštěvník
Příspěvky: 260
Registrován: 12 dub 2009 09:43

Re: Preventivka

#10 Příspěvek od Tom8sh16 »

Vypadá to OK, jaký je stav PC?
RSIT | OTMoveIt3 | Avenger | RootRepeal | GMER | AVPTool | CCleaner | T-Cleaner | ATF Cleaner | Win XP Manager | SVI
-------------------------------------------------------------------------------------------
Do not experiment; if you are unsure about something -> ask!
If you want help with your PC, do only what I write and do nothing in advance!
Back up your important data before removing malware from the computer!
| >>Support viry.cz<<
:!: Do not use ComboFix unless asked to; improper handling can damage or destroy the system :!:

eMeL
Visitor
Posts: 21
Registered: 27 Jan 2009 14:16

Re: Preventive check

#11 Post by eMeL »

The PC is in fairly good shape, but the problems still persist: sometimes it won't shut down or go into sleep mode, or it takes an abnormally long time. I don't know what could be causing this, but thank you very much for your help with checking the log.

Tom8sh16
Visitor
Posts: 260
Registered: 12 Apr 2009 09:43

Re: Preventive check

#12 Post by Tom8sh16 »

For the final cleanup, use T-Cleaner; see my signature.
To confirm, always press the A key or Enter (the utility may be flagged as a virus by the antivirus - delete it after use).


and also ATF Cleaner; see my signature
After you run the downloaded file, a window appears:
Tick Select All, click Empty Selected + all active tabs (at the top) - Main, Firefox + Opera, and then Exit

Then just restart the PC :-)


Have you tried cleaning up the PC? By that I mean, e.g., with CCleaner, defragmentation, etc.
The PC should get faster, and some problems can be caused by, e.g., clutter on the disk or in the registry :)

eMeL
Visitor
Posts: 21
Registered: 27 Jan 2009 14:16

Re: Preventive check

#13 Post by eMeL »

Good evening, I would like to ask you to check my RSIT log, because I have a problem playing videos, whether online or from the HDD: they stutter constantly, every 15 seconds. The problem is not in the codecs or in the internet connection; I have already tried that, so the problem must be somewhere else. The whole PC also freezes for a few seconds, so it is not just about videos.

Thank you very much

Logfile of random's system information tool 1.06 (written by random/random)
Run by NTB at 2010-01-25 02:55:32
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 20 GB (14%) free of 141 GB
Total RAM: 1977 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:34, on 25. 1. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Windows\System32\oodtray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\T-Mobile Communication Centre\TMCC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\System32\perfmon.exe
C:\Users\NTB\Desktop\RSIT.exe
C:\Program Files\HijackThis\NTB.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet\ComDlls\bhoCATCH.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Lenovo ThinkVantage Toolbox - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544928.dll
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: T-Mobile Communication Center.lnk = C:\Program Files\T-Mobile Communication Centre\TMCC.exe
O4 - Global Startup: T-Mobile Communication Centre.lnk = C:\Program Files\T-Mobile Communication Centre\TMCC.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet\ComDlls\Bholink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Windows\system32\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Mobility Manager Service (FMMService) - Flarion Technologies, Inc. - C:\PROGRA~1\T-MOBI~1\drivers\A96FED~1\FMMSER~1.EXE
O23 - Service: FOFDM Upgrade (FOFDMUpgrade) - Paradoxx Software - C:\PROGRA~1\T-MOBI~1\FOFDMU~1.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11542 bytes

======Scheduled tasks folder======

C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\SystemToolsDailyTest.job
C:\Windows\tasks\User_Feed_Synchronization-{1EDDAC56-3FA6-48AD-8608-69A501972711}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - C:\Program Files\FlashGet\ComDlls\bhoCATCH.dll [2008-08-19 104016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - Lenovo ThinkVantage Toolbox - C:\Program Files\PC-Doctor\ATLPcdToolbar544928.dll [2009-11-22 137712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"=C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe [2009-08-04 62240]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2009-07-08 337184]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2009-03-13 68976]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-10-08 256576]
"PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog []
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2009-07-29 435488]
"ACWlIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe [2009-07-29 177440]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2009-07-23 185688]
"LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2009-07-23 124248]
"FingerPrintSoftware"=C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [2009-03-19 1527808]
"OODefragTray"=C:\Windows\system32\oodtray.exe [2008-11-03 2540800]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-02-26 992816]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-10-24 1451264]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-05-25 487424]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27 49976]
"LENOVO.TPFNF6R"=C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [2009-08-20 62752]
"AMSG"=C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe [2009-09-03 436800]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2009-09-09 176128]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2009-11-19 307768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2009-11-19 307768]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioCentre]
C:\Genius\ioCentre\gTaskBar.exe [2007-12-17 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LenovoWelcomeRegistration]
C:\Program Files\Lenovo\Lenovo Welcome\ContentProviders\RegistrationContentProvider\RegistrationEngine\RegistrationEngine.exe [2008-07-16 47416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-02 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe [2008-03-17 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
C:\PROGRA~1\WESTER~1\WDSMAR~1\WDDRIV~1\WDDMST~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
C:\PROGRA~1\WESTER~1\WDSMAR~1\FRONTP~1\WDSMAR~1.EXE []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
T-Mobile Communication Center.lnk - C:\Program Files\T-Mobile Communication Centre\TMCC.exe
T-Mobile Communication Centre.lnk - C:\Program Files\T-Mobile Communication Centre\TMCC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet\FlashGet.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet\LiveUpdate.exe"="C:\Program Files\FlashGet\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet\LiveUpdateEx.exe"="C:\Program Files\FlashGet\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-01-25 02:52:33 ----D---- C:\rsit
2010-01-24 00:35:01 ----A---- C:\Windows\system32\UCI32A42.dll
2010-01-24 00:35:01 ----A---- C:\Windows\system32\CX32TP17.dll
2010-01-23 02:04:34 ----A---- C:\Windows\system32\mshtml.dll
2010-01-23 02:04:33 ----A---- C:\Windows\system32\ieframe.dll
2010-01-23 02:04:29 ----A---- C:\Windows\system32\iertutil.dll
2010-01-23 02:04:28 ----A---- C:\Windows\system32\urlmon.dll
2010-01-23 02:04:27 ----A---- C:\Windows\system32\wininet.dll
2010-01-23 02:04:27 ----A---- C:\Windows\system32\occache.dll
2010-01-23 02:04:27 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-23 02:04:26 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-23 02:04:24 ----A---- C:\Windows\system32\ieui.dll
2010-01-23 02:04:23 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-23 02:04:23 ----A---- C:\Windows\system32\iepeers.dll
2010-01-23 02:04:22 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-23 02:04:22 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-23 02:04:21 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-23 02:04:20 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-23 02:04:20 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-23 02:04:19 ----A---- C:\Windows\system32\iesetup.dll
2010-01-23 02:04:19 ----A---- C:\Windows\system32\iernonce.dll
2010-01-18 02:16:05 ----D---- C:\Users\NTB\AppData\Roaming\Google
2010-01-18 02:12:44 ----D---- C:\Program Files\Google
2010-01-18 02:12:43 ----D---- C:\ProgramData\Google
2010-01-14 00:56:55 ----D---- C:\Config.Msi
2010-01-13 19:03:10 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 19:03:10 ----A---- C:\Windows\system32\fontsub.dll
2010-01-11 22:11:36 ----A---- C:\Windows\system32\SkinCrafter3_vs2005.dll

======List of files/folders modified in the last 1 months======

2010-01-25 02:55:34 ----D---- C:\Program Files\HijackThis
2010-01-25 02:55:33 ----D---- C:\Windows\temp
2010-01-25 02:47:44 ----D---- C:\Users\NTB\AppData\Roaming\vlc
2010-01-25 01:27:40 ----SHD---- C:\Windows\Installer
2010-01-25 00:08:42 ----D---- C:\Users\NTB\AppData\Roaming\Skype
2010-01-25 00:00:38 ----D---- C:\Users\NTB\AppData\Roaming\skypePM
2010-01-24 23:26:15 ----D---- C:\Windows\tracing
2010-01-24 23:24:51 ----D---- C:\Windows\System32
2010-01-24 23:24:51 ----D---- C:\Windows\inf
2010-01-24 23:24:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-24 21:36:53 ----A---- C:\sysiclog.txt
2010-01-24 11:19:17 ----SHD---- C:\System Volume Information
2010-01-24 11:13:51 ----D---- C:\Windows\system32\migration
2010-01-24 11:13:46 ----D---- C:\Windows\Prefetch
2010-01-24 11:13:43 ----D---- C:\Program Files\Internet Explorer
2010-01-24 11:13:40 ----AD---- C:\Windows
2010-01-24 00:36:28 ----D---- C:\Windows\system32\drivers
2010-01-24 00:36:20 ----D---- C:\Windows\system32\catroot
2010-01-23 12:32:12 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-01-23 03:02:16 ----D---- C:\Windows\winsxs
2010-01-23 02:01:00 ----D---- C:\Windows\system32\catroot2
2010-01-18 02:12:44 ----RD---- C:\Program Files
2010-01-18 02:12:43 ----D---- C:\ProgramData
2010-01-16 14:04:09 ----D---- C:\Windows\Help
2010-01-16 14:04:08 ----D---- C:\Program Files\Common Files\Lenovo
2010-01-16 14:04:05 ----D---- C:\Program Files\Lenovo
2010-01-16 13:46:23 ----D---- C:\Users\NTB\AppData\Roaming\Western Digital
2010-01-16 13:39:41 ----AD---- C:\ProgramData\TEMP
2010-01-14 21:03:10 ----D---- C:\Windows\Debug
2010-01-14 16:35:17 ----D---- C:\Users\NTB\AppData\Roaming\LimeWire
2010-01-14 02:49:55 ----D---- C:\ProgramData\Microsoft Help
2010-01-14 02:49:31 ----D---- C:\Program Files\Windows Mail
2010-01-11 22:11:38 ----D---- C:\Program Files\T-Mobile Communication Centre
2010-01-10 22:53:43 ----D---- C:\Users\NTB\AppData\Roaming\dvdcss
2010-01-06 12:55:03 ----D---- C:\Program Files\Mozilla Firefox 3.1 Beta 2
2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe
2010-01-01 13:30:36 ----D---- C:\Windows\Tasks
2010-01-01 13:00:47 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-04-11 351744]
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2008-10-24 54280]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2008-05-24 73728]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-02 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [2009-09-09 11552]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2008-10-24 73224]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-04-09 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2009-01-07 33536]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-09-09 154672]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-04-01 4172288]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2009-03-19 482176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-11-29 181760]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2009-10-27 460800]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\Windows\System32\Drivers\gHidPnp.Sys [2008-11-12 17408]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2008-03-26 40832]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-03-25 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-03-25 207872]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2009-08-24 24872]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-03-04 4232704]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2008-09-25 31680]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-21 45624]
R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-03-25 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S1 tvtumon;tvtumon; C:\Windows\system32\DRIVERS\tvtumon.sys [2008-05-24 48192]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-03-17 81960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-03-17 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-03-17 17320]
S3 catchme;catchme; C:\Windows\system32\drivers\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]
S3 FlrnUSB;Leadtek USB Network Interface; C:\Windows\system32\DRIVERS\FlrnUSB.sys [2010-01-11 42213]
S3 gMouUsb;USB Mouse Device Drv; C:\Windows\system32\DRIVERS\gMouUsb.sys [2007-07-20 9856]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 IKFileSec;File Security Driver; C:\Windows\system32\drivers\ikfilesec.sys [2009-02-05 40840]
S3 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2009-02-05 66952]
S3 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2009-02-05 81288]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys []
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-04-19 128104]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2009-07-29 124192]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2009-07-29 238880]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-04-01 729088]
R2 ATService;AuthenTec Fingerprint Service; C:\Windows\system32\AtService.exe [2009-03-19 1680632]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2008-03-17 518696]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 dtsvc;Data Transfer Service; C:\Windows\system32\DTS.exe [2009-03-19 98304]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-02-27 870672]
R2 FMMService;Mobility Manager Service; C:\PROGRA~1\T-MOBI~1\drivers\A96FED~1\FMMSER~1.EXE [2010-01-11 40960]
R2 FOFDMUpgrade;FOFDM Upgrade; C:\PROGRA~1\T-MOBI~1\FOFDMU~1.EXE [2009-04-06 180224]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2009-08-24 38176]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2008-11-03 1332480]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-09-09 75040]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-02-27 473360]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2008-10-20 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2009-03-04 750904]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-01-06 603904]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-06-06 520192]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2008-06-06 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-05-25 1155072]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor; C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-10-09 360448]
S3 ADMonitor;AD Monitor; C:\Windows\system32\ADMonitor.exe [2009-03-19 106496]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 19200]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-02-05 1079176]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG.exe [2009-06-29 39976]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-01-06 360192]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-04-11 918528]
S4 ApRunSvc;Alps Application Launcher Service; C:\Program Files\Apoint2K\ApRunSvc.exe [2007-07-23 36864]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------

Tom8sh16
Visitor
Posts: 260
Joined: 12 Apr 2009 09:43

Re: Preventive check

#14 Post by Tom8sh16 »

Good evening.

Download ComboFix to your desktop.
▪ Before using ComboFix, it is recommended to turn off all resident security programs - antivirus, firewalls, antispyware. They can interfere with ComboFix, which may cause it not to work correctly.
▪ After launching it, accept the terms of use.
▪ Then follow the instructions; while ComboFix is running, do not click in the windows that appear.
▪ After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here.
▪ ComboFix must be run under an account with administrator rights.
RSIT | OTMoveIt3 | Avenger | RootRepeal | GMER | AVPTool | CCleaner | T-Cleaner | ATF Cleaner | Win XP Manager | SVI
-------------------------------------------------------------------------------------------
Don't experiment; if you are unsure about something -> ask!
If you want help with your PC, do only what I write and don't do anything ahead of time!
Before disinfecting your computer, back up your important data!
| >>Support viry.cz<<
:!: Do not use ComboFix unless asked to; improper handling can damage or destroy the system :!:

eMeL
Visitor
Posts: 21
Joined: 27 Jan 2009 14:16

Re: Preventive check

#15 Post by eMeL »

Good evening,

I am attaching the log from ComboFix:

ComboFix 10-01-26.06 - NTB . 01. 2010 19:29:56.5.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.421.1029.18.1977.813 [GMT 1:00]
Running from: c:\users\NTB\Downloads\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-27 18:37 . 2010-01-27 18:42 -------- d-----w- c:\users\NTB\AppData\Local\temp
2010-01-27 18:37 . 2010-01-27 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-27 18:37 . 2010-01-27 18:37 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-01-25 20:53 . 2010-01-25 20:53 -------- d-----w- c:\users\NTB\AppData\Local\Western_Digital
2010-01-25 20:51 . 2010-01-25 20:51 -------- d-----w- c:\program files\Western Digital
2010-01-25 01:52 . 2010-01-25 01:52 -------- d-----w- C:\rsit
2010-01-23 23:35 . 2009-10-27 13:15 460800 ----a-w- c:\windows\system32\drivers\CHDRT32.sys
2010-01-23 23:35 . 2009-10-06 08:51 1729024 ----a-w- c:\windows\system32\CX32TP17.dll
2010-01-23 23:35 . 2009-08-17 10:16 262144 ----a-w- c:\windows\system32\UCI32A42.dll
2010-01-23 22:21 . 2010-01-23 22:21 -------- d-----w- c:\users\NTB\AppData\Local\ACD Systems
2010-01-18 01:12 . 2010-01-18 01:12 -------- d-----w- c:\program files\Google
2010-01-14 00:27 . 2010-01-14 00:27 -------- d-----w- c:\users\NTB\AppData\Local\Conexant
2010-01-13 18:03 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 18:03 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-11 21:11 . 2009-07-13 12:23 880640 ----a-w- c:\windows\system32\SkinCrafter3_vs2005.dll
2010-01-11 21:09 . 2010-01-11 21:09 42213 ----a-w- c:\windows\system32\drivers\FlrnUSB.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 18:38 . 2008-09-06 03:48 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-26 20:46 . 2009-08-29 12:27 -------- d-----w- c:\users\NTB\AppData\Roaming\vlc
2010-01-25 20:53 . 2009-11-20 23:50 -------- d-----w- c:\users\NTB\AppData\Roaming\Western Digital
2010-01-25 14:22 . 2008-09-06 03:31 639960 ----a-w- c:\windows\system32\perfh005.dat
2010-01-25 14:22 . 2008-09-06 03:31 133266 ----a-w- c:\windows\system32\perfc005.dat
2010-01-24 23:08 . 2008-12-22 23:16 -------- d-----w- c:\users\NTB\AppData\Roaming\Skype
2010-01-24 23:00 . 2008-12-22 23:18 -------- d-----w- c:\users\NTB\AppData\Roaming\skypePM
2010-01-23 11:32 . 2008-12-22 22:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-16 13:04 . 2008-09-06 04:06 -------- d-----w- c:\program files\Common Files\Lenovo
2010-01-16 13:04 . 2008-09-06 03:53 -------- d-----w- c:\program files\Lenovo
2010-01-14 15:35 . 2009-09-18 23:54 -------- d-----w- c:\users\NTB\AppData\Roaming\LimeWire
2010-01-14 01:49 . 2008-09-06 04:24 -------- d-----w- c:\programdata\Microsoft Help
2010-01-14 01:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-12 12:17 . 2010-01-13 17:59 79872 ----a-w- c:\users\NTB\AppData\Roaming\Mozilla\Firefox\Profiles\ce6lw6hn.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-01-12 12:17 . 2010-01-13 17:59 33280 ----a-w- c:\users\NTB\AppData\Roaming\Mozilla\Firefox\Profiles\ce6lw6hn.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
2010-01-11 21:11 . 2009-09-28 13:12 -------- d-----w- c:\program files\T-Mobile Communication Centre
2010-01-11 21:07 . 2010-01-11 20:59 15737800 ----a-w- c:\users\NTB\AppData\Roaming\Paradoxx\PhoneReport\Updates\update_3.57.95.99.exe
2010-01-10 21:53 . 2009-01-09 22:48 -------- d-----w- c:\users\NTB\AppData\Roaming\dvdcss
2010-01-06 11:55 . 2008-12-24 11:54 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 2
2010-01-02 06:38 . 2010-01-23 01:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-23 01:04 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-23 01:04 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-23 01:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-25 10:36 . 2008-12-22 14:23 -------- d-----w- c:\program files\ICQ6.5
2009-12-22 17:55 . 2008-09-06 03:57 -------- d-----w- c:\program files\Apoint2K
2009-12-18 08:53 . 2009-12-18 08:53 -------- d-----w- c:\program files\ConvertHelper
2009-12-17 17:05 . 2009-12-17 17:05 -------- d-----w- c:\programdata\ATI
2009-12-17 16:52 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-17 16:25 . 2009-12-17 16:25 -------- d-----w- c:\program files\Common Files\Skype
2009-12-17 16:25 . 2008-12-22 22:27 -------- d-----r- c:\program files\Skype
2009-12-17 16:25 . 2008-12-22 22:27 -------- d-----w- c:\programdata\Skype
2009-12-17 16:10 . 2009-01-07 13:36 -------- d-----w- c:\programdata\PCDr
2009-12-17 15:55 . 2009-12-17 15:55 10134 ----a-r- c:\users\NTB\AppData\Roaming\Microsoft\Installer\{A02153E8-8DF8-42E6-B7BF-D88EEA33565F}\ARPPRODUCTICON.exe
2009-12-17 15:54 . 2008-09-06 03:59 -------- d-----w- c:\program files\ATI Technologies
2009-12-17 15:50 . 2009-12-17 15:50 10134 ----a-r- c:\users\NTB\AppData\Roaming\Microsoft\Installer\{E415FC0B-E5C5-CD0D-8C6F-955B5CEB4C6B}\ARPPRODUCTICON.exe
2009-12-17 15:43 . 2008-09-06 03:55 -------- d-----w- c:\program files\Intel
2009-12-17 15:28 . 2009-12-17 15:26 -------- d-----w- c:\program files\PC-Doctor
2009-12-17 15:28 . 2009-12-17 15:28 -------- d-----w- c:\programdata\PC-Doctor for Windows
2009-12-17 13:37 . 2010-01-13 19:58 14912 ----a-w- c:\programdata\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW\LTTCheck.exe
2009-12-17 07:44 . 2010-01-13 19:58 560624 ----a-w- c:\programdata\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW\appupdater.exe
2009-12-13 17:54 . 2008-12-22 23:34 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-12 23:52 . 2009-02-16 12:54 680 ----a-w- c:\users\NTB\AppData\Local\d3d9caps.dat
2009-11-20 10:12 . 2009-11-20 10:12 626688 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\msvcr80.dll
2009-11-20 10:12 . 2009-11-20 10:12 548864 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\msvcp80.dll
2009-11-20 10:12 . 2009-11-20 10:12 479232 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\msvcm80.dll
2009-11-20 10:12 . 2009-11-20 10:12 23552 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\CommandLine.dll
2009-11-20 10:12 . 2009-11-20 10:12 21504 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\startmenu-localizer.exe
2009-11-20 10:12 . 2009-11-20 10:12 1513472 ----a-w- c:\programdata\PC-Doctor for Windows\startmenu\Common.dll
2009-11-09 12:31 . 2009-12-09 14:58 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 14:58 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 14:58 411648 ----a-w- c:\windows\system32\drivers\http.sys
2008-09-06 03:33 . 2008-09-06 03:31 8192 --sh--w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-04 62240]
"TpShocks"="TpShocks.exe" [2009-07-08 337184]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-09-09 714016]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-09-09 214576]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 435488]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-07-29 177440]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"AMSG"="c:\progra~1\THINKV~1\AMSG\Amsg.exe" [2009-09-03 436800]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-09-09 176128]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
T-Mobile Communication Center.lnk - c:\program files\T-Mobile Communication Centre\TMCC.exe [2009-9-28 761856]
T-Mobile Communication Centre.lnk - c:\program files\T-Mobile Communication Centre\TMCC.exe [2009-9-28 761856]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07 1828136 ------w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioCentre]
2007-12-17 14:49 61440 ----a-w- c:\genius\ioCentre\gTaskBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LenovoWelcomeRegistration]
2008-07-16 18:26 47416 ------w- c:\program files\Lenovo\Lenovo Welcome\ContentProviders\RegistrationContentProvider\RegistrationEngine\RegistrationEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29 2221352 ------w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-04-02 17:07 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TVT Scheduler Proxy"=c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):75,23,d0,5b,91,62,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1094253716-645892524-681535231-1003]
"EnableNotificationsRef"=dword:00000001

R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [29. 6. 2009 13:51 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [20. 5. 2008 3:12 13480]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15. 1. 2009 16:17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15. 1. 2009 16:17 55024]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\System32\AtService.exe [19. 3. 2009 3:48 1680632]
R2 dtsvc;Data Transfer Service;c:\windows\System32\DTS.exe [19. 3. 2009 3:53 98304]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [24. 10. 2008 20:51 468224]
R2 FMMService;Mobility Manager Service;c:\progra~1\T-MOBI~1\drivers\A96FED~1\FMMSER~1.EXE [28. 9. 2009 14:12 40960]
R2 FOFDMUpgrade;FOFDM Upgrade;c:\progra~1\T-MOBI~1\FOFDMU~1.EXE [28. 9. 2009 14:12 180224]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [6. 9. 2008 5:14 75040]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [20. 5. 2008 3:00 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [6. 6. 2008 17:26 520192]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14. 10. 2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16. 6. 2009 9:58 20480]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [19. 3. 2009 20:09 482176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [6. 9. 2008 4:24 181760]
R3 FlrnUSB;Leadtek USB Network Interface;c:\windows\System32\drivers\FlrnUSB.sys [11. 1. 2010 22:09 42213]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [1. 4. 2009 20:27 4232704]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\System32\drivers\tvti2c.sys [22. 2. 2008 23:54 37312]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam.sys [13. 2. 2009 12:02 11520]
S1 tvtumon;tvtumon;c:\windows\System32\drivers\tvtumon.sys [24. 5. 2008 23:28 48192]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [17. 12. 2009 16:32 45424]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [24. 5. 2008 23:28 360448]
S3 ADMonitor;AD Monitor;c:\windows\System32\ADMonitor.exe [19. 3. 2009 3:52 106496]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [6. 9. 2008 4:54 29736]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21. 1. 2008 3:24 21504]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\System32\drivers\gHidPnp.sys [24. 12. 2008 13:35 17408]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\System32\drivers\gMouUsb.sys [24. 12. 2008 13:35 9856]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\PC-Doctor\pcdsrvc.pkms [20. 11. 2009 11:12 20848]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15. 1. 2009 16:17 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5. 2. 2009 19:08 356920]
S4 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe [10. 4. 2008 20:55 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]

2010-01-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22 09:14]

2010-01-27 c:\windows\Tasks\User_Feed_Synchronization-{1EDDAC56-3FA6-48AD-8608-69A501972711}.job
- c:\windows\system32\msfeedssync.exe [2010-01-23 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
mStart Page = about:blank
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Download All by FlashGet - c:\program files\FlashGet\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet\ComDlls\Bholink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\NTB\AppData\Roaming\Mozilla\Firefox\Profiles\ce6lw6hn.default\
FF - component: c:\users\NTB\AppData\Roaming\Mozilla\Firefox\Profiles\ce6lw6hn.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 2\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{3037D694-FD904ACA-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.032"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.abr"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ani"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.arw"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bay"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bmp"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bw"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cr2"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.crw"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cs1"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cur"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcr"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcx"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dib"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djv"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djvu"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dng"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.emf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.eps"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.erf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fff"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fpx"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.gif"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.hdr"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icl"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icn"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iff"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ilbm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.int"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.inta"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iw4"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2c"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2k"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jbr"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jfif"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jif"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jp2"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpc"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpe"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpeg"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpg"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpk"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpx"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.kdc"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.lbm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mef"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mos"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mrw"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.nef"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.orf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbr"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcd"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pct"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcx"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pef"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pgm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pic"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pict"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pix"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.png"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ppm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psd"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.psp"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspbrush"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspimage"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ras"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.raw"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgb"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgba"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rsb"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sgi"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sr2"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.srf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tga"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.thm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tif"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tiff"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25po"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25pp"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v25ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.v25ppf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbmp"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wmf"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xbm"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xif"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xmp"

[HKEY_USERS\S-1-5-21-1094253716-645892524-681535231-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xpm"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1608)
c:\program files\RocketDock\RocketDock.dll
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\windows\system32\btncopy.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Common Files\Nero\Lib\MediaLibraryNSE.dll
c:\program files\Lenovo\HOTKEY\hkvolkey.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\oodag.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\conime.exe
c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe
c:\windows\System32\TpShocks.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\windows\System32\rundll32.exe
c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
c:\program files\ThinkVantage\PrdCtr\LPMLCHK.EXE
c:\program files\ThinkVantage\AMSG\Amsg.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
c:\program files\ThinkPad\ConnectUtilities\ACGadgetWrapper.exe
c:\program files\Internet Explorer\IELowutil.exe
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2010-01-27 19:51:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-27 18:51
ComboFix2.txt 2009-12-13 00:43

Pre-Run: Volných bajtů: 24 010 682 368
Post-Run: Volných bajtů: 24 028 610 560

- - End Of File - - 63A57106BB1588CAE3B11497BAECC8A6
