vir z Facebooku

[motji]

Ještě nezoufejte. Máte když tak instalační cd na opravu?

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

[MaximusBrutus]

Ještě nezoufejte. Máte když tak instalační cd na opravu?

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

Ok provedu. CD na reinstalaci windowsu bohužel nemám.

[motji]

Zatím nezoufejte, naděje umírá poslední

[MaximusBrutus]

Zatím nezoufejte, naděje umírá poslední

Tak už to běží. Dal jsem automatický sken všeho a aby se to co se najde automaticky léčilo nebo mazalo. Sken bude podle programu trvat okolo 6 hodin.

[motji]

Dobře, pak ještě něco vyzkoušíme

[MaximusBrutus]

Dobře, pak ještě něco vyzkoušíme

No čas skenování se zvyšuje a když mi to najde vir tak mi to tam napíše cestu viru a password protected. Smazalo se to nebo ne ?

[motji]

Asi ne

[MaximusBrutus]

takže po dlouhé době skončila kontrola. Nevim jak to dopadlo v tomhle antiviru se moc nevyznám a jak to vypadá má v nouzovém režimu omezené funkce. Takže první log je zde : Status: Quarantined (events: 1)
20.7.2011 18:33:01 Quarantined virus HEUR:Trojan.Win32.Generic C:\Program Files\JoWooD Entertainment AG\ArcaniA - Gothic 4\SKIDROW.dll High

Ten jsem již smazal. Ještě tam byl nějakej z windowsu, jenže jsem u něho kliku nedopatřením na restored. Snad se nic nestalo. Druhej log jsem hodil na uložto, protože je strašně velkej.

http://www.ulozto.cz/9738497/log-z-avptool-2-txt

[motji]

Zkuste nabootovat do běžného režimu

[MaximusBrutus]

Při restartu pc jsem držel F8 a potvrdil spustit systém windows obvyklým způsobem, bohužel neúspěšné.

[motji]

Nemám win7, takže budeme zkoušet, než se vzbudí nějaký kolega s win7 .

Zkuste dát start - do volného políčka napište msconfig
Měl by jste se dostat na takovou kartu, nástroj pro konfiguraci systému.
Mrkněte pod záložku obecné, jestli tam máte zaškrtnuto spuštění v běžném režimu

[MaximusBrutus]

Nemám win7, takže budeme zkoušet, než se vzbudí nějaký kolega s win7 .

Zkuste dát start - do volného políčka napište msconfig
Měl by jste se dostat na takovou kartu, nástroj pro konfiguraci systému.
Mrkněte pod záložku obecné, jestli tam máte zaškrtnuto spuštění v běžném režimu

Mám tam zaškrtly normální spuštění. Načíst všechny ovladače zařízení a služby.

[motji]

Tak budeme ještě chvilku zkoušet Tohle je jen sken.

Stáhněte a spusťte http://users.telenet.be/marcvn/tools/reglooks.exe
- objeví se červené okno a program bude pracovat.
-po dokončení skenu na Vás vyskočí poznámkový blok result.txt- obsah sem zkopírujte
- v případě že na Vás nevyskočí, najdete ho zde c:\result.txt

[MaximusBrutus]

Tak budeme ještě chvilku zkoušet Tohle je jen sken.

Stáhněte a spusťte http://users.telenet.be/marcvn/tools/reglooks.exe
- objeví se červené okno a program bude pracovat.
-po dokončení skenu na Vás vyskočí poznámkový blok result.txt- obsah sem zkopírujte
- v případě že na Vás nevyskočí, najdete ho zde c:\result.txt

Zde je ten log :

REGLOOKS logfile - version 0.989
Scan started: źt 21.07.2011 20:41:35,77

--- INFORMATION ---

Manufacturer: Gigabyte Technology Co., Ltd. - Model: GA-770TA-UD3
Operating System: Microsoft Windows 7 Professional -- 6.1.7601 -- Service Pack 1 -- 32-bit
Install Date: 1.9.2010 13:07:42
Last Boot: 21.7.2011 20:29:01
Processor: AMD Athlon(tm) II X4 635 Processor
Number of Processors: 4
Work Station
Bootmode: Fail-safe with network boot
Total RAM: 3326 MB ( - 0%)

Computername: USER-PC
Domain: WORKGROUP
User: User (Administrator account)

Local Disk: C:\ - NTFS - 698 GB (free 194 GB)
CD \ DVD Drive: D:\

Bootdevice: \Device\HarddiskVolume1
Systemdrive: C:
Windowsdirectory: C:\Windows
Systemdirectory: C:\Windows\system32


Internet Explorer Version: 9.0.8112.16421

Windows update: 2011-07-08 11:11:25


DEP: ONN - DEP is enabled for a limited number of binaries, the kernel, and all Windows-based services


--- System Restore Points ---

Restorepoint 605: 11.7.2011 21:08:15 - Application installation - Installed The Witcher 2
Restorepoint 606: 12.7.2011 12:25:47 - Unknown - Windows Update
Restorepoint 607: 14.7.2011 15:04:53 - Unknown - Windows Update
Restorepoint 608: 17.7.2011 21:48:01 - Unknown - Windows Update
Restorepoint 610: 18.7.2011 16:19:04 - Application uninstall - Windows Defender Checkpoint
Restorepoint 611: 18.7.2011 18:33:19 - Unknown - Windows Update
Restorepoint 612: 18.7.2011 19:47:32 - Application installation - Nainstalováno: ESET NOD32 Antivirus
Restorepoint 613: 18.7.2011 19:55:21 - Application installation - Nainstalováno: ESET Smart Security
Restorepoint 614: 18.7.2011 19:58:26 - Application installation - Nainstalováno: ESET NOD32 Antivirus
Restorepoint 615: 19.7.2011 10:21:53 - Application installation - Nainstalováno: ESET Smart Security


--- SIGCHECK ---

C:\Windows\explorer.exe -- [2616320] -- [25.02.2011 07:30] -- sigcheck OK
C:\Windows\system32\appmgmts.dll -- [149504] -- [14.07.2009 03:14] -- sigcheck OK
C:\Windows\system32\browser.dll -- [102400] -- [20.11.2010 14:18] -- sigcheck OK
C:\Windows\system32\comres.dll -- [1297408] -- [14.07.2009 03:04] -- sigcheck OK
C:\Windows\system32\comctl32.dll -- [530432] -- [20.11.2010 14:18] -- sigcheck OK
C:\Windows\system32\cryptsvc.dll -- [136192] -- [20.11.2010 14:18] -- sigcheck OK
C:\Windows\system32\ctfmon.exe -- [8704] -- [14.07.2009 03:14] -- sigcheck OK
C:\Windows\system32\es.dll -- [271360] -- [14.07.2009 03:15] -- sigcheck OK
C:\Windows\system32\eventlog.dll NOT found
C:\Windows\system32\ias.dll -- [19456] -- [14.07.2009 03:15] -- sigcheck OK
C:\Windows\system32\imm32.dll -- [118272] -- [20.11.2010 14:19] -- sigcheck OK
C:\Windows\system32\kernel32.dll -- [857600] -- [20.11.2010 14:19] -- sigcheck OK
C:\Windows\system32\linkinfo.dll -- [22016] -- [14.07.2009 03:15] -- sigcheck OK
C:\Windows\system32\lpk.dll -- [26624] -- [14.07.2009 03:15] -- sigcheck OK
C:\Windows\system32\lsass.exe -- [22528] -- [14.07.2009 03:14] -- sigcheck OK
C:\Windows\system32\mfc40u.dll -- [954288] -- [20.11.2010 14:19] -- sigcheck OK
C:\Windows\system32\msgsvc.dll NOT found
C:\Windows\system32\mshtml.dll -- [12269056] -- [06.07.2011 08:40] -- sigcheck OK
C:\Windows\system32\mspmsnsv.dll NOT found
C:\Windows\system32\mswsock.dll -- [232448] -- [20.11.2010 14:19] -- sigcheck OK
C:\Windows\system32\netlogon.dll -- [563712] -- [20.11.2010 14:20] -- sigcheck OK
C:\Windows\system32\netman.dll -- [280576] -- [14.07.2009 03:16] -- sigcheck OK
C:\Windows\system32\ntkrnlpa.exe -- [3967872] -- [09.04.2011 08:02] -- sigcheck OK
C:\Windows\system32\ntmssvc.dll NOT found
C:\Windows\system32\ntoskrnl.exe -- [3912576] -- [09.04.2011 08:02] -- sigcheck OK
C:\Windows\system32\pchsvc.dll NOT found
C:\Windows\system32\powrprof.dll -- [145408] -- [14.07.2009 03:16] -- sigcheck OK
C:\Windows\system32\qmgr.dll -- [585728] -- [20.11.2010 14:20] -- sigcheck OK
C:\Windows\system32\rasauto.dll -- [90624] -- [14.07.2009 03:16] -- sigcheck OK
C:\Windows\system32\regsvc.dll -- [112640] -- [14.07.2009 03:16] -- sigcheck OK
C:\Windows\system32\rpcss.dll -- [376832] -- [20.11.2010 14:21] -- sigcheck OK
C:\Windows\system32\scecli.dll -- [175616] -- [20.11.2010 14:21] -- sigcheck OK
C:\Windows\system32\schedsvc.dll -- [750592] -- [20.11.2010 14:21] -- sigcheck OK
C:\Windows\system32\services.exe -- [259072] -- [14.07.2009 03:14] -- sigcheck OK
C:\Windows\system32\sfc.dll -- [2560] -- [14.07.2009 03:10] -- sigcheck OK
C:\Windows\system32\sfcfiles.dll NOT found
C:\Windows\system32\spoolsv.exe -- [317440] -- [20.11.2010 14:17] -- sigcheck OK
C:\Windows\system32\srsvc.dll NOT found
C:\Windows\system32\ssdpsrv.dll -- [162816] -- [14.07.2009 03:16] -- sigcheck OK
C:\Windows\system32\svchost.exe -- [20992] -- [14.07.2009 03:14] -- sigcheck OK
C:\Windows\system32\tapisrv.dll -- [242176] -- [20.11.2010 14:21] -- sigcheck OK
C:\Windows\system32\termsrv.dll -- [521216] -- [20.11.2010 14:21] -- sigcheck OK
C:\Windows\system32\upnphost.dll -- [266752] -- [14.07.2009 03:16] -- sigcheck OK
C:\Windows\system32\user32.dll -- [811520] -- [20.11.2010 14:21] -- sigcheck OK
C:\Windows\system32\userinit.exe -- [26624] -- [20.11.2010 14:17] -- sigcheck OK
C:\Windows\system32\wininet.dll -- [1126912] -- [06.07.2011 08:40] -- sigcheck OK
C:\Windows\system32\winlogon.exe -- [286720] -- [20.11.2010 14:17] -- sigcheck OK
C:\Windows\system32\ws2_32.dll -- [206848] -- [20.11.2010 14:21] -- sigcheck OK
C:\Windows\system32\wscntfy.exe NOT found
C:\Windows\system32\wuauclt.exe -- [47104] -- [20.11.2010 14:17] -- sigcheck OK
C:\Windows\system32\xmlprov.dll NOT found
C:\Windows\system32\drivers\acpiec.sys NOT found
C:\Windows\system32\drivers\aec.sys NOT found
C:\Windows\system32\drivers\asyncmac.sys -- [17920] -- [14.07.2009 01:54] -- sigcheck OK
C:\Windows\system32\drivers\atapi.sys -- [21584] -- [14.07.2009 03:26] -- sigcheck OK
C:\Windows\system32\drivers\beep.sys -- [6144] -- [14.07.2009 01:45] -- sigcheck OK
C:\Windows\system32\drivers\classpnp.sys -- [140864] -- [14.07.2009 03:26] -- sigcheck OK
C:\Windows\system32\drivers\disk.sys -- [57424] -- [14.07.2009 03:20] -- sigcheck OK
C:\Windows\system32\drivers\iaStor.sys NOT found
C:\Windows\system32\drivers\ip6fw.sys NOT found
C:\Windows\system32\drivers\kbdclass.sys -- [42576] -- [14.07.2009 03:20] -- sigcheck OK
C:\Windows\system32\drivers\ndis.sys -- [712576] -- [20.11.2010 14:30] -- sigcheck OK
C:\Windows\system32\drivers\ntfs.sys -- [1211264] -- [11.03.2011 07:39] -- sigcheck OK
C:\Windows\system32\drivers\tcpip.sys -- [1290624] -- [25.04.2011 06:31] -- sigcheck OK


--- SSODL regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -- File: %Systemroot%\system32\webcheck.dll -- [?]


--- STS regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]


--- USERINIT regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
File: C:\Windows\system32\userinit.exe -- [26624] -- [20.11.2010 14:17]


--- SHELL regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
File: C:\Windows\Explorer.exe -- [2616320] -- [25.02.2011 07:30]


--- SYSTEM regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"VMApplet"="SystemPropertiesPerformance.exe /pagefile"
"System"=""


--- APPINIT_DLLS regkey ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"RequireSignedAppInit_DLLs"=dword:00000001
"AppInit_DLLs"=""


--- NOTIFY regkey ---



--- RUN / LOAD regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"Run"=""
"Load"=""


--- SHELLEXECUTEHOOKS regkey ---

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook" -- File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL -- [4222864] -- [25.03.2010 10:25]


--- HKLM AUTORUN regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
no AutoRun regkey found


--- HKCU AUTORUN regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
no AutoRun regkey found


--- HKLM\RUN regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl" -- File: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s -- [?]
"JMB36X IDE Setup" -- File C:\Windows\RaidTool\xInsIDE.exe -- [36864] -- [20.03.2007 08:36]
"NUSB3MON" -- File "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" -- [106496] -- [20.11.2009 13:17]
"NeroFilterCheck" -- File C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe -- [570664] -- [28.05.2008 08:27]
"BCSSync" -- File: "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices -- [?]
"CanonMyPrinter" -- File: C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon -- [?]
"CanonSolutionMenu" -- File: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon -- [?]
"Adobe Reader Speed Launcher" -- File "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" -- [37296] -- [08.06.2011 06:02]
"Adobe ARM" -- File "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" -- [937920] -- [30.03.2011 06:59]
"StartCCC" -- File: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun -- [?]
"ATICustomerCare" -- File "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" -- [311296] -- [04.05.2010 17:05]
"VC10Player" -- File C:\Program Files\Virtual CD v10\System\VC10Play.exe -- [411464] -- [14.04.2010 11:09]
"MSC" -- File: "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey -- [?]
"PWRISOVM.EXE" -- File C:\Program Files\PowerISO\PWRISOVM.EXE -- [180224] -- [12.04.2010 10:40]
"SunJavaUpdateSched" -- File "C:\Program Files\Common Files\Java\Java Update\jusched.exe" -- [254696] -- [08.04.2011 12:59]
"Microsoft Default Manager" -- File: "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume -- [?]
"Malwarebytes' Anti-Malware (reboot)" -- File: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript -- [?]


--- HKLM\RUNONCE regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv" -- File: grpconv -o -- [?]
"Malwarebytes' Anti-Malware" -- File: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent -- [?]


--- HKLM\RUNONCEEX regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
no runonceex values found


--- HKLM\RUNSERVICES regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
key not found


--- HKLM\RUNSERVICESONCE regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
key not found


--- HKCU\RUN regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -- File "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [152872] -- [22.01.2008 11:13]
"DAEMON Tools Lite" -- File: "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [?]
"Steam" -- File: "C:\Program Files\Steam\Steam.exe" -silent -- [?]
"Skype" -- File: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [?]
"ICQ" -- File -- "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 -- [X]


--- HKCU\RUNONCE regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found


--- HKCU\RUNONCEEX regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
key not found


--- HKCU\RUNSERVICES regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
no runservices values found


--- HKCU\RUNSERVICESONCE regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found


--- HKU\.DEFAULT\Run regkeys - Default user ---

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
no run values found


--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
no run values found


--- HKU\S-1-5-19\Run regkeys - User Lokale service ---

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found


--- HKU\S-1-5-20\Run regkeys - User Lokale service ---

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found


--- HKLM\Explorer\Run regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found


--- HKCU\Explorer\Run regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found


--- Image File Execution regkeys ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
no debuggers found


--- BROWSER HELPER OBJECTS regkeys ---

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
-- File: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll -- [75200] -- [22.09.2010 19:04]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
-- File: C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll -- [?]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
-- File: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll -- [191792] -- [27.07.2010 14:46]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
-- File: C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL -- [4222864] -- [25.03.2010 10:25]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
-- File: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll -- [403840] -- [18.08.2009 12:32]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
-- File: C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -- [1164680] -- [16.05.2011 17:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
-- File: C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL -- [561552] -- [28.02.2010 02:20]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
-- File: C:\Program Files\Java\jre6\bin\jp2ssv.dll -- [42272] -- [04.05.2011 06:33]


--- TOOLBAR regkeys ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -- File: C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll -- [?]


--- HKLM\URLSEARCHHOOKS regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
no urlsearchhooks found


--- HKCU\URLSEARCHHOOKS regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{855F3B16-6D32-4fe6-8A56-BBB695989046} -- CLSID not found
{855F3B16-6D32-4fe6-8A56-BBB695989046} -- CLSID not found
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -- File: C:\Windows\System32\ieframe.dll -- [9703936] -- [06.07.2011 08:40]


--- SRCEENSAVER regkey ---

[HKEY_CURRENT_USER\Control Panel\Desktop]
scrnsave.exe value not found


--- ALTERNATESHELL regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
File: C:\Windows\system32\cmd.exe -- [302592] -- [20.11.2010 14:17]


--- SECURITYPROVIDERS regkey ---

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"
File: C:\Windows\system32\credssp.dll -- [17408] -- [20.11.2010 14:18]


--- Active Setup\Installed Components regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
-- File: C:\Windows\System32\ie4uinit.exe -UserIconConfig -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
-- File: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
-- File: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
-- File: "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
-- File: %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
-- File: regsvr32.exe /s /n /i:U shell32.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\Windows\System32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
-- File: C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install -- [?]


--- Services regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\1394ohci]
-- File: \SystemRoot\system32\drivers\1394ohci.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adp94xx]
-- File: \SystemRoot\system32\DRIVERS\adp94xx.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adpahci]
-- File: \SystemRoot\system32\DRIVERS\adpahci.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adpu320]
-- File: \SystemRoot\system32\DRIVERS\adpu320.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amdide]
-- File: \SystemRoot\system32\drivers\amdide.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amdkmdag]
-- File: system32\DRIVERS\atikmdag.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amdkmdap]
-- File: system32\DRIVERS\atikmpag.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AmdPPM]
-- File: system32\DRIVERS\amdppm.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amdsata]
-- File: \SystemRoot\system32\drivers\amdsata.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amdsbs]
-- File: \SystemRoot\system32\DRIVERS\amdsbs.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amdxata]
-- File: system32\drivers\amdxata.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppID]
-- File: \SystemRoot\system32\drivers\appid.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\arc]
-- File: \SystemRoot\system32\DRIVERS\arc.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\arcsas]
-- File: \SystemRoot\system32\DRIVERS\arcsas.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Atierecord]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AxInstSV]
-- File: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\b06bdrv]
-- File: \SystemRoot\system32\DRIVERS\bxvbdx.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\b57nd60x]
-- File: system32\DRIVERS\b57nd60x.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDESVC]
-- File: %SystemRoot%\System32\svchost.exe -k netsvcs -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\blbdrive]
-- File: system32\DRIVERS\blbdrive.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BlueletAudio]
-- File: system32\DRIVERS\blueletaudio.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Brserid]
-- File: \SystemRoot\System32\Drivers\Brserid.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrSerWdm]
-- File: \SystemRoot\System32\Drivers\BrSerWdm.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BT]
-- File: system32\DRIVERS\btnetdrv.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BtHidBus]
-- File: System32\Drivers\BtHidBus.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHidEnum]
-- File: system32\DRIVERS\vbtenum.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHidMgr]
-- File: System32\Drivers\BTHidMgr.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btnetBUs]
-- File: System32\Drivers\btnetBus.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\circlass]
-- File: system32\DRIVERS\circlass.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clr_optimization_v4.0.30319_32]
-- File: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- [130384] -- [18.03.2010 13:16]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CNG]
-- File: System32\Drivers\cng.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CompositeBus]
-- File: \SystemRoot\system32\drivers\CompositeBus.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CrystalSysInfo]
-- File: \??\C:\Program Files\MediaCoder\SysInfo.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CSC]
-- File: system32\drivers\csc.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CscService]
-- File: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\defragsvc]
-- File: %SystemRoot%\system32\svchost.exe -k defragsvc -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\discache]
-- File: System32\drivers\discache.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ebdrv]
-- File: \SystemRoot\system32\DRIVERS\evbdx.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EFS]
-- File: %SystemRoot%\System32\lsass.exe -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\elxstor]
-- File: \SystemRoot\system32\DRIVERS\elxstor.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ErrDev]
-- File: \SystemRoot\system32\drivers\errdev.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ES lite Service]
-- File: "C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE" -- [68136] -- [24.08.2009 14:38]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exfat]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache]
-- File: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FsDepends]
-- File: System32\drivers\FsDepends.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fvevol]
-- File: System32\DRIVERS\fvevol.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gdrv]
-- File: \??\C:\Windows\gdrv.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hcw85cir]
-- File: \SystemRoot\system32\drivers\hcw85cir.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HH10Help.sys]
-- File: \??\C:\Windows\system32\drivers\HH10Help.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidBatt]
-- File: \SystemRoot\system32\DRIVERS\HidBatt.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidBth]
-- File: \SystemRoot\system32\DRIVERS\hidbth.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupProvider]
-- File: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HpSAMD]
-- File: \SystemRoot\system32\drivers\HpSAMD.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hwpolicy]
-- File: System32\drivers\hwpolicy.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iaStorV]
-- File: \SystemRoot\system32\drivers\iaStorV.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICQ Service]
-- File: C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- [247608] -- [21.11.2010 11:49]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iirsp]
-- File: \SystemRoot\system32\DRIVERS\iirsp.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IJPLMSVC]
-- File: C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- [116104] -- [10.02.2009 17:01]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPMIDRV]
-- File: \SystemRoot\system32\drivers\IPMIDrv.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IvtBtBUs]
-- File: System32\Drivers\IvtBtBus.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JMB36X]
-- File: C:\Windows\System32\XSrvSetup.exe -- [65536] -- [06.08.2009 07:51]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JRAID]
-- File: system32\DRIVERS\jraid.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KSecPkg]
-- File: System32\Drivers\ksecpkg.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LSI_FC]
-- File: \SystemRoot\system32\DRIVERS\lsi_fc.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LSI_SAS]
-- File: \SystemRoot\system32\DRIVERS\lsi_sas.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LSI_SAS2]
-- File: \SystemRoot\system32\DRIVERS\lsi_sas2.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LSI_SCSI]
-- File: \SystemRoot\system32\DRIVERS\lsi_scsi.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector]
-- File: \??\C:\Windows\system32\drivers\mbam.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService]
-- File: "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy]
-- File: \??\C:\Windows\system32\drivers\mbamswissarmy.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mcx2Svc]
-- File: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\megasas]
-- File: \SystemRoot\system32\DRIVERS\megasas.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft SharePoint Workspace Audit Service]
-- File: "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpFilter]
-- File: system32\DRIVERS\MpFilter.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpio]
-- File: \SystemRoot\system32\drivers\mpio.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpKsl0856aac9]
-- File: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{575638FC-8324-4391-8E40-73DF5F5F78A0}\MpKsl0856aac9.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpKsl08c5a6bd]
-- File: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2EF5F91E-97E7-42FA-8B16-FC34F6B07D35}\MpKsl08c5a6bd.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpKsl10a3ef9c]
-- File: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55A03CCA-8A89-4B70-8559-18DC10564263}\MpKsl10a3ef9c.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpKsl2c0c7dfa]
-- File: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EB8C8738-34A6-4B30-9916-EF3788640B3B}\MpKsl2c0c7dfa.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpKsl34a70e3d]
-- File: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86C17EDA-74E8-415B-8181-5FEA9320DCAB}\MpKsl34a70e3d.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpKsl4c775cd8]
-- File: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7B512DD5-EC72-4846-9862-532F9152B8F0}\MpKsl4c775cd8.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpKsl5089d058]
-- File: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C63F2DDC-BE52-49A1-BB43-1D2C93E2F85E}\MpKsl5089d058.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpKsl82e927da]
-- File: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9B2265C9-72F6-4826-AAD5-3DD204110005}\MpKsl82e927da.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpKsl9996d9fe]
-- File: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E2410AF9-2BB1-4359-8118-342CC0B0EFE7}\MpKsl9996d9fe.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpKsl9fbcda3e]
-- File: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86C17EDA-74E8-415B-8181-5FEA9320DCAB}\MpKsl9fbcda3e.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpKslb86f1c95]
-- File: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{91E9B4E9-E0EA-4484-A685-F75198F58F8D}\MpKslb86f1c95.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpKslc275244f]
-- File: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D154B264-485F-46B1-BC0A-A0EC850F78D0}\MpKslc275244f.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpKsleb5765d6]
-- File: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{05635216-FFB5-434E-9E76-9CEAA4ACAAE5}\MpKsleb5765d6.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpNWMon]
-- File: system32\DRIVERS\MpNWMon.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msdsm]
-- File: \SystemRoot\system32\drivers\msdsm.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mshidkmdf]
-- File: \SystemRoot\System32\drivers\mshidkmdf.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsMpSvc]
-- File: "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" -- [11736] -- [11.11.2010 13:26]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MTConfig]
-- File: \SystemRoot\system32\DRIVERS\MTConfig.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing]
-- File: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Inspection System]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nfrd960]
-- File: \SystemRoot\system32\DRIVERS\nfrd960.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NisDrv]
-- File: system32\DRIVERS\NisDrvWFP.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\osppsvc]
-- File: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" -- [4640000] -- [09.01.2010 21:37]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pccsmcfd]
-- File: system32\DRIVERS\pccsmcfd.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcw]
-- File: System32\drivers\pcw.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PeerDistSvc]
-- File: %SystemRoot%\System32\svchost.exe -k PeerDist -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PLFlash DeviceIoControl Service]
-- File: C:\Windows\system32\IoctlSvc.exe -- [81920] -- [19.12.2006 10:30]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Power]
-- File: %SystemRoot%\system32\svchost.exe -k DcomLaunch -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql2300]
-- File: \SystemRoot\system32\DRIVERS\ql2300.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql40xx]
-- File: \SystemRoot\system32\DRIVERS\ql40xx.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAgileVpn]
-- File: system32\DRIVERS\AgileVpn.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasSstp]
-- File: system32\DRIVERS\rassstp.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdpbus]
-- File: system32\DRIVERS\rdpbus.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPREFMP]
-- File: system32\drivers\rdprefmp.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdyboost]
-- File: System32\drivers\rdyboost.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcEptMapper]
-- File: %SystemRoot%\system32\svchost.exe -k RPCSS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RTHDMIAzAudService]
-- File: system32\drivers\RtHDMIV.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RTL8167]
-- File: system32\DRIVERS\Rt86win7.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s3cap]
-- File: \SystemRoot\system32\drivers\vms3cap.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sbp2port]
-- File: \SystemRoot\system32\drivers\sbp2port.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCDEmu]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scfilter]
-- File: System32\DRIVERS\scfilter.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SeaPort]
-- File: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" -- [249136] -- [27.07.2010 14:46]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMSvcHost 3.0.0.0]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMSvcHost 4.0.0.0]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sppsvc]
-- File: %SystemRoot%\system32\sppsvc.exe -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sppuinotify]
-- File: %SystemRoot%\system32\svchost.exe -k LocalService -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SstpSvc]
-- File: %SystemRoot%\system32\svchost.exe -k LocalService -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Steam Client Service]
-- File: C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stexstor]
-- File: \SystemRoot\system32\DRIVERS\stexstor.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storflt]
-- File: system32\drivers\vmstorfl.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StorSvc]
-- File: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storvsc]
-- File: \SystemRoot\system32\drivers\storvsc.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UmPass]
-- File: \SystemRoot\system32\DRIVERS\umpass.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VaultSvc]
-- File: %SystemRoot%\system32\lsass.exe -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VC10SecS]
-- File: C:\Program Files\Virtual CD v10\System\VC10SecS.exe -- [144712] -- [14.04.2010 11:09]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VComm]
-- File: system32\DRIVERS\VComm.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VcommMgr]
-- File: System32\Drivers\VcommMgr.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv1000]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrv1000.ini]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrvroot]
-- File: system32\drivers\vdrvroot.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vhdmp]
-- File: \SystemRoot\system32\drivers\vhdmp.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ViaC7]
-- File: \SystemRoot\system32\DRIVERS\viac7.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmbus]
-- File: system32\drivers\vmbus.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VMBusHID]
-- File: \SystemRoot\system32\drivers\VMBusHID.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsmraid]
-- File: \SystemRoot\system32\DRIVERS\vsmraid.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vwifibus]
-- File: \SystemRoot\System32\drivers\vwifibus.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WatAdminSvc]
-- File: %SystemRoot%\system32\Wat\WatAdminSvc.exe -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wbengine]
-- File: "%systemroot%\system32\wbengine.exe" -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wd]
-- File: \SystemRoot\system32\DRIVERS\wd.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WfpLwf]
-- File: system32\DRIVERS\wfplwf.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WIMMount]
-- File: system32\drivers\wimmount.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WwanSvc]
-- File: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{66954131-4F6F-4216-946B-46EB650D50CF}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{785CBD73-8BB1-4E76-B1BF-724CC15C161F}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{8DC89257-70B8-41B7-940A-25C9E242C4C4}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{BEC8ADC4-4A45-4E1A-8217-8B4AB3CE56D3}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{FC984F5D-0025-4632-AD52-F068989A21DB}]
-- filepath not found


--- SAFEBOOT MINIMAL SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
EFS
MsMpSvc
Power
RpcEptMapper
vmms
WudfPf
WudfRd
WudfSvc
{533C5B84-EC70-11D2-9505-00C04F79DEAF}
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}


--- SAFEBOOT Network SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
DnsCache
EFS
MsMpSvc
Power
RpcEptMapper
VaultSvc
vmms
WudfPf
WudfRd
WudfSvc
WudfUsbccidDriver
{50DD5230-BA8A-11D1-BF5D-0000F805F530}
{533C5B84-EC70-11D2-9505-00C04F79DEAF}
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}


--- BOOTEXECUTE regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"= autocheck autochk *\0\0


--- PENDINGFILERENAMEOPERATIONS regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
PendingFileRenameOperations key not found


--- WOW-CMDLINE regkeys ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"wowcmdline" value not found


--- NETSVCS regkey ---

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- NETSVCS
0schedule
0BDESVC


--- DNS SERVER regkeys ---

no "NameServer" values found


--- HKCU SEARCHSCOPE ---

DefaultScope= {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
URL REG_SZ http://www.bing.com/search?q={searchTer ... ORM=IE8SRC

Error: Value: "URL" does not exist!

HKEY_CURRENT_USER\software\microsoft\internet explorer\searchscopes\{6552c7dd-90a4-4387-b795-f8f96747de19}
URL REG_SZ http://search.icq.com/search/results.ph ... &ch_id=osd



--- HKLM SEARCHSCOPE ---

DefaultScope= {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
URL REG_SZ http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


--- File associations ---

.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)


--- STARTUP FOLDERS ---

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -- [174] -- [07.07.2011 11:15]
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SaveSnap.lnk -- [1891] -- [23.12.2010 22:46]
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk -- [931] -- [20.07.2011 17:22]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -- [174] -- [14.07.2009 06:41]


--- TASK SCHEDULER JOBS ---

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -- [932] -- [11.07.2011 20:06]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -- [936] -- [11.07.2011 21:05]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1807786179-3034001536-2686373736-1000Core.job -- [906] -- [11.07.2011 14:19]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1807786179-3034001536-2686373736-1000UA.job -- [958] -- [11.07.2011 20:19]


Scan completed: źt 21.07.2011 20:41:55,94
FINISHED

[motji]

Spustte OTL
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

:commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

-klikněte na tlačítko opravit.
-Následně se pc restartuje.
- Log vložte zde