Win 7 Internet Security 2012 - znovu

[fwdre]

Zdravím,
již jsem tento problém řesil s vyosekem včera, vypadalo to, že je již vše v pořádku, ale dnes se ten virus objevil znovu...a nebyl jsem na žádných potenciálně závadných stránkách, ani jsem nic nestahoval/neinstaloval, takže virus musel zůstat někde zavrtaný.
Založil jsem nové vlákno, protože vyosek je teď offline.

link na předchozí vlákno: http://www.viry.cz/forum/viewtopic.php?f=13&t=113617

Takže mám ten virus v pc zase (resp asi pořád) Přitom od včera doteď šlo vše bez problémů. Musel být někde zavrtaný, protože se to stalo když jsem psal ve wordu.
A opět jsou tu znovu falešné poplachy, výzva k zaplacení licence "antiviru" a blokace internetu.
Tentokrát jsem ještě seriové číslo pro odblokování nezadavál, log jsem poslal známému přes skype a teď píši z jiného pc (nechci riskovat, že by se to nakopírovalo na flasku a zanesl bych si i notebook)

log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by kriz at 2011-07-26 17:19:44
Microsoft Windows 7 Home Premium
System drive C: has 119 GB (79%) free of 150 GB
Total RAM: 4087 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:12:53, on 25.7.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
F:\X\Programy\Fraps\fraps.exe
C:\Users\kriz\AppData\Local\xtb.exe
F:\X\Programy\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\kriz.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 77.73.6.192:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\X\Programy\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "F:\X\Programy\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://F:\X\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\X\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.co ... 1.72.0.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.67.0.cab
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/stati ... 0.53.2.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://service.futuremark.com/openapi/r ... s/FMSI.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7974 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
taskeng.exe {4E7A28C2-2EA7-4739-BDB3-F5DC3775B9B3}
F:\X\Programy\Fraps\fraps.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1768
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"F:\X\Programy\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\wbem\wmiprvse.exe
"F:\X\Programy\Fraps\fraps64.dat"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
"taskhost.exe"
"C:\Users\kriz\AppData\Local\wby.exe" -gav C:\Windows\SysWOW64\0.24091423511760313.exe
Explorer.exe
"c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-465990855-3604300051-3132767143-100114_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-465990855-3604300051-3132767143-100114 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe15_ Global\UsGthrCtrlFltPipeMssGthrPipe15 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"F:\Documents\Download\stazene\virhelp_RSITx64.exe"
"C:\Program Files\trend micro\kriz.exe" /silentautolog

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - F:\X\Programy\Java\jre6\bin\jp2ssv.dll [2010-01-02 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2009-07-14 9728]
"1264470205"=C:\Users\kriz\AppData\Local\wby.exe [2011-07-26 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
F:\X\Programy\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
F:\X\Programy\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
F:\X\Programy\Java\jre6\bin\jusched.exe [2010-01-02 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [2009-09-20 270336]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"=F:\X\Programy\VirtualCloneDrive\VCDDaemon.exe [2009-05-27 85160]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-05-24 336384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0
"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
[17:30:08] norso_ "fwdre": ======File associations======

.exe - open - "C:\Users\kriz\AppData\Local\wby.exe" -a "%1" %*
.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-07-26 17:19:44 ----D---- C:\rsit
2011-07-26 01:06:48 ----D---- C:\Program Files (x86)\Microsoft Security Client
2011-07-26 01:06:41 ----D---- C:\Program Files\Microsoft Security Client
2011-07-25 21:08:48 ----D---- C:\ProgramData\Kaspersky Lab
2011-07-25 19:30:22 ----D---- C:\Users\kriz\AppData\Roaming\Malwarebytes
2011-07-25 19:30:17 ----D---- C:\ProgramData\Malwarebytes
2011-07-25 19:30:14 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-07-25 18:59:18 ----SHD---- C:\$RECYCLE.BIN
2011-07-25 18:39:21 ----D---- C:\Windows\ERDNT
2011-07-25 17:12:50 ----D---- C:\Program Files\trend micro
2011-07-24 23:38:58 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-24 23:38:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-24 23:38:57 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-24 23:38:57 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-24 23:38:51 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-07-24 23:38:51 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-07-24 23:38:49 ----A---- C:\Windows\system32\win32k.sys
2011-07-24 23:38:48 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-24 23:38:48 ----A---- C:\Windows\system32\wow64win.dll
2011-07-24 23:38:48 ----A---- C:\Windows\system32\kernel32.dll
2011-07-24 23:38:47 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-24 23:38:47 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-24 23:38:47 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-24 23:38:47 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-24 23:38:47 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-24 23:38:47 ----A---- C:\Windows\system32\wow64.dll
2011-07-24 23:38:47 ----A---- C:\Windows\system32\winsrv.dll
2011-07-24 23:38:47 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-24 23:38:47 ----A---- C:\Windows\system32\conhost.exe
2011-07-24 23:38:44 ----A---- C:\Windows\SYSWOW64\user.exe
2011-06-29 13:28:50 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-06-29 13:28:50 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-06-29 13:28:50 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-06-29 13:28:50 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-06-29 13:28:50 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 13:28:49 ----A---- C:\Windows\system32\mssrch.dll
2011-06-29 13:28:48 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-06-29 13:28:48 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-06-29 13:28:48 ----A---- C:\Windows\system32\tquery.dll
2011-06-29 13:28:47 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-06-29 13:28:47 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-06-29 13:28:47 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-06-29 13:28:47 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-29 13:28:47 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-29 13:28:47 ----A---- C:\Windows\system32\mssvp.dll
2011-06-29 13:28:47 ----A---- C:\Windows\system32\mssph.dll
2011-06-29 13:28:46 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-06-29 13:28:46 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-06-29 13:28:46 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-06-29 13:28:46 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2011-06-29 13:28:46 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-29 13:28:46 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-29 13:28:46 ----A---- C:\Windows\system32\msscntrs.dll
2011-06-27 16:17:43 ----D---- C:\ProgramData\eSellerate
2011-06-27 15:03:24 ----D---- C:\ProgramData\Sony
2011-06-27 15:03:20 ----D---- C:\Users\kriz\AppData\Roaming\Publish Providers
2011-06-27 15:00:02 ----D---- C:\Program Files (x86)\Sony
2011-06-27 14:56:58 ----D---- C:\Users\kriz\AppData\Roaming\Sony
[17:30:21] norso_ "fwdre": ======List of files/folders modified in the last 1 month======

2011-07-26 17:19:44 ----D---- C:\Windows\Prefetch
2011-07-26 17:16:49 ----D---- C:\Windows\SysWOW64
2011-07-26 17:16:49 ----D---- C:\ProgramData
2011-07-26 17:13:49 ----D---- C:\Windows\Temp
2011-07-26 16:44:27 ----D---- C:\Users\kriz\AppData\Roaming\Skype
2011-07-26 16:43:20 ----D---- C:\Users\kriz\AppData\Roaming\skypePM
2011-07-26 14:09:25 ----D---- C:\Windows\system32\config
2011-07-26 10:11:43 ----D---- C:\Windows\System32
2011-07-26 10:11:43 ----D---- C:\Windows\inf
2011-07-26 10:11:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-26 10:10:38 ----D---- C:\Windows\SoftwareDistribution
2011-07-26 10:09:48 ----AD---- C:\Windows
2011-07-26 10:08:13 ----D---- C:\Windows\system32\Tasks
2011-07-26 01:09:50 ----D---- C:\Windows\system32\catroot
2011-07-26 01:08:01 ----SHD---- C:\System Volume Information
2011-07-26 01:06:53 ----SHD---- C:\Windows\Installer
2011-07-26 01:06:53 ----D---- C:\Config.Msi
2011-07-26 01:06:50 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-07-26 01:06:49 ----D---- C:\Windows\system32\drivers
2011-07-26 01:06:48 ----RD---- C:\Program Files (x86)
2011-07-26 01:06:41 ----RD---- C:\Program Files
2011-07-26 01:03:24 ----HD---- C:\Windows\system32\GroupPolicy
2011-07-26 00:51:15 ----D---- C:\Windows\SYSWOW64\drivers
2011-07-26 00:24:37 ----D---- C:\Windows\system32\catroot2
2011-07-25 18:42:35 ----A---- C:\Windows\system.ini
2011-07-25 18:42:32 ----D---- C:\Windows\system32\drivers\etc
2011-07-25 18:41:23 ----D---- C:\Windows\AppPatch
2011-07-25 18:41:22 ----D---- C:\Program Files\Common Files
2011-07-25 18:41:22 ----D---- C:\Program Files (x86)\Common Files
2011-07-25 01:21:26 ----D---- C:\Users\kriz\AppData\Roaming\Opera
2011-07-25 00:59:11 ----D---- C:\Windows\winsxs
2011-07-25 00:57:41 ----D---- C:\Windows\system32\DriverStore
2011-07-25 00:43:53 ----D---- C:\Windows\Logs
2011-07-25 00:43:53 ----D---- C:\Windows\debug
2011-07-25 00:43:53 ----D---- C:\Users\kriz\AppData\Roaming\DAEMON Tools Lite
2011-07-25 00:33:22 ----A---- C:\Windows\system32\MRT.exe
2011-07-01 00:37:58 ----D---- C:\Program Files (x86)\Microsoft Office
2011-06-30 03:47:24 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 31400]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-12-24 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-12-24 43680]
R2 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Users\kriz\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-07-29 14544]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-04-07 6659072]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-04-07 195584]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-18 254528]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-23 36352]
S3 ALSysIO;ALSysIO; \??\C:\Users\kriz\AppData\Local\Temp\ALSysIO64.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-04-07 6659072]
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552448]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 cpuz130;cpuz130; \??\C:\Users\kriz\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-01-03 21832]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-07-30 19456]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2010-07-30 26624]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 SIVDRIVER;SIV Kernel Driver; \??\C:\Windows\system32\Drivers\SIVX64.sys [2009-12-14 61504]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-07-30 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2010-07-30 9216]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-04-07 202752]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-06-15 75136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[chodnik74]

Dobrý večer

Stáhněte program exeHelper.com

• Spuste program jako správce(pravým klikem myši spustit jako správce )
• Program vytvoří log exehelperlog.txt a ten sem vložte

Stáhneme si na Plochu program OTM

• Spustíme soubor OTM.exe (pokud máte Windows Vista nebo Windows 7,tak na soubor klikněte pravým tlačítkem myši a dejte ,,Spustit jako správce,,)
• Spustí se nám program OTM a do levého okna ,,Paste Instructions for Items to be Moved,, vložíme následující skript a stiskneme tlačítko MoveIt
  

  Kód: Vybrat vše

  
  :Files
  C:\Users\kriz\AppData\Local\wby.exe
  
  :Reg
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "1264470205"=-
  
  :Commands
  [EmptyFlash]
  [EmptyTemp]
  [ResetHosts]
  
  
  

• Po restartu pc se vám objeví log z OTM,ten mi sem prosím vložte..

[fwdre]

Tak internet už funguje, navenek to zatím vypadá, že je ten falešný antivirus pryč (nikde nevyskakují okna atd), msse mi to zase poškodilo (nefunguje - služba nenalezena), všechno v podstatě stejné jako včera, kdy to vypadalo, že jsem se toho zbavil, i když ve skutečnosti ne...
OTM se ovšem po killnutí procesu toho viru kousl, takže jsem ho musel spustit podruhé.
Logy:

exeHelper by Raktor
Build 20100414
Run at 19:53:39 on 07/26/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

All processes killed
========== FILES ==========
File/Folder C:\Users\kriz\AppData\Local\wby.exe not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\1264470205 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: kriz
->Temp folder emptied: 267143 bytes
->Temporary Internet Files folder emptied: 2105708 bytes
->Java cache emptied: 18003 bytes
->Opera cache emptied: 397740 bytes
->Flash cache emptied: 1626 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 136492 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 728173 bytes

Total Files Cleaned = 4,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.18.0 log created on 07262011_195555

Files moved on Reboot...
C:\Users\kriz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

[chodnik74]

Výborně..přeinstalujte MSE a vložte mi nový RSIT

[fwdre]

Logfile of random's system information tool 1.09 (written by random/random)
Run by kriz at 2011-07-26 20:15:32
Microsoft Windows 7 Home Premium
System drive C: has 119 GB (79%) free of 150 GB
Total RAM: 4087 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:15:35, on 26.7.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
F:\X\Programy\Fraps\fraps.exe
F:\X\Programy\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\kriz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\X\Programy\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "F:\X\Programy\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://F:\X\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\X\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.co ... 1.72.0.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.67.0.cab
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/stati ... 0.53.2.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://service.futuremark.com/openapi/r ... s/FMSI.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6962 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1712
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
C:\Windows\Explorer.EXE
taskeng.exe {15180A03-BA40-4D13-A049-E4D86CCD73ED}
"C:\Windows\system32\Dwm.exe"
F:\X\Programy\Fraps\fraps.exe
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"F:\X\Programy\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\wbem\wmiprvse.exe
"F:\X\Programy\Fraps\fraps64.dat"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3304 CREDAT:79873
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\msiexec.exe /V
"C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" /Update /OpenWebPageOnClose
C:\Windows\System32\svchost.exe -k swprv
"C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
"F:\Documents\Download\stazene\virhelp_RSITx64.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - F:\X\Programy\Java\jre6\bin\jp2ssv.dll [2010-01-02 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2009-07-14 9728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
F:\X\Programy\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
F:\X\Programy\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
F:\X\Programy\Java\jre6\bin\jusched.exe [2010-01-02 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [2009-09-20 270336]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"=F:\X\Programy\VirtualCloneDrive\VCDDaemon.exe [2009-05-27 85160]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-05-24 336384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 290304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0
"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2011-07-26 20:10:01 ----D---- C:\Program Files (x86)\Microsoft Security Client
2011-07-26 20:09:59 ----D---- C:\Program Files\Microsoft Security Client
2011-07-26 17:19:44 ----D---- C:\rsit
2011-07-25 21:08:48 ----D---- C:\ProgramData\Kaspersky Lab
2011-07-25 19:30:22 ----D---- C:\Users\kriz\AppData\Roaming\Malwarebytes
2011-07-25 19:30:17 ----D---- C:\ProgramData\Malwarebytes
2011-07-25 19:30:14 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-07-25 18:59:18 ----SHD---- C:\$RECYCLE.BIN
2011-07-25 18:39:21 ----D---- C:\Windows\ERDNT
2011-07-25 17:12:50 ----D---- C:\Program Files\trend micro
2011-07-24 23:38:58 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-24 23:38:57 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-24 23:38:57 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-24 23:38:57 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-24 23:38:56 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-24 23:38:55 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-24 23:38:51 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-07-24 23:38:51 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-07-24 23:38:49 ----A---- C:\Windows\system32\win32k.sys
2011-07-24 23:38:48 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-24 23:38:48 ----A---- C:\Windows\system32\wow64win.dll
2011-07-24 23:38:48 ----A---- C:\Windows\system32\kernel32.dll
2011-07-24 23:38:47 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-24 23:38:47 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-24 23:38:47 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-24 23:38:47 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-24 23:38:47 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-24 23:38:47 ----A---- C:\Windows\system32\wow64.dll
2011-07-24 23:38:47 ----A---- C:\Windows\system32\winsrv.dll
2011-07-24 23:38:47 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-24 23:38:47 ----A---- C:\Windows\system32\conhost.exe
2011-07-24 23:38:44 ----A---- C:\Windows\SYSWOW64\user.exe
2011-06-29 13:28:50 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-06-29 13:28:50 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-06-29 13:28:50 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-06-29 13:28:50 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-06-29 13:28:50 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 13:28:49 ----A---- C:\Windows\system32\mssrch.dll
2011-06-29 13:28:48 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-06-29 13:28:48 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-06-29 13:28:48 ----A---- C:\Windows\system32\tquery.dll
2011-06-29 13:28:47 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-06-29 13:28:47 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-06-29 13:28:47 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-06-29 13:28:47 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-29 13:28:47 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-29 13:28:47 ----A---- C:\Windows\system32\mssvp.dll
2011-06-29 13:28:47 ----A---- C:\Windows\system32\mssph.dll
2011-06-29 13:28:46 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-06-29 13:28:46 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-06-29 13:28:46 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-06-29 13:28:46 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2011-06-29 13:28:46 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-29 13:28:46 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-29 13:28:46 ----A---- C:\Windows\system32\msscntrs.dll
2011-06-27 16:17:43 ----D---- C:\ProgramData\eSellerate
2011-06-27 15:03:24 ----D---- C:\ProgramData\Sony
2011-06-27 15:03:20 ----D---- C:\Users\kriz\AppData\Roaming\Publish Providers
2011-06-27 15:00:02 ----D---- C:\Program Files (x86)\Sony
2011-06-27 14:56:58 ----D---- C:\Users\kriz\AppData\Roaming\Sony

======List of files/folders modified in the last 1 month======

2011-07-26 20:11:59 ----D---- C:\Windows\Temp
2011-07-26 20:10:50 ----D---- C:\Windows\Prefetch
2011-07-26 20:10:33 ----SHD---- C:\System Volume Information
2011-07-26 20:10:06 ----SHD---- C:\Windows\Installer
2011-07-26 20:10:06 ----D---- C:\Config.Msi
2011-07-26 20:10:03 ----D---- C:\Windows\SysWOW64
2011-07-26 20:10:03 ----D---- C:\Windows\inf
2011-07-26 20:10:03 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-07-26 20:10:02 ----D---- C:\Windows\system32\drivers
2011-07-26 20:10:02 ----D---- C:\Windows\system32\catroot
2011-07-26 20:10:01 ----RD---- C:\Program Files (x86)
2011-07-26 20:09:59 ----RD---- C:\Program Files
2011-07-26 20:01:26 ----D---- C:\Windows\System32
2011-07-26 20:01:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-26 20:00:20 ----D---- C:\Windows\system32\config
2011-07-26 19:57:48 ----D---- C:\Windows\system32\Tasks
2011-07-26 19:57:14 ----AD---- C:\Windows
2011-07-26 19:56:04 ----D---- C:\Windows\system32\drivers\etc
2011-07-26 17:30:52 ----D---- C:\Users\kriz\AppData\Roaming\Skype
2011-07-26 17:16:49 ----D---- C:\ProgramData
2011-07-26 16:43:20 ----D---- C:\Users\kriz\AppData\Roaming\skypePM
2011-07-26 10:10:38 ----D---- C:\Windows\SoftwareDistribution
2011-07-26 01:03:24 ----HD---- C:\Windows\system32\GroupPolicy
2011-07-26 00:51:15 ----D---- C:\Windows\SYSWOW64\drivers
2011-07-26 00:24:37 ----D---- C:\Windows\system32\catroot2
2011-07-25 18:42:35 ----A---- C:\Windows\system.ini
2011-07-25 18:41:23 ----D---- C:\Windows\AppPatch
2011-07-25 18:41:22 ----D---- C:\Program Files\Common Files
2011-07-25 18:41:22 ----D---- C:\Program Files (x86)\Common Files
2011-07-25 01:21:26 ----D---- C:\Users\kriz\AppData\Roaming\Opera
2011-07-25 00:59:11 ----D---- C:\Windows\winsxs
2011-07-25 00:57:41 ----D---- C:\Windows\system32\DriverStore
2011-07-25 00:43:53 ----D---- C:\Windows\Logs
2011-07-25 00:43:53 ----D---- C:\Windows\debug
2011-07-25 00:43:53 ----D---- C:\Users\kriz\AppData\Roaming\DAEMON Tools Lite
2011-07-25 00:33:22 ----A---- C:\Windows\system32\MRT.exe
2011-07-01 00:37:58 ----D---- C:\Program Files (x86)\Microsoft Office
2011-06-30 03:47:24 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 31400]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-12-24 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-12-24 43680]
R2 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Users\kriz\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-07-29 14544]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-04-07 6659072]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-04-07 195584]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-18 254528]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-23 36352]
S3 ALSysIO;ALSysIO; \??\C:\Users\kriz\AppData\Local\Temp\ALSysIO64.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-04-07 6659072]
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552448]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 cpuz130;cpuz130; \??\C:\Users\kriz\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-01-03 21832]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-07-30 19456]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2010-07-30 26624]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 SIVDRIVER;SIV Kernel Driver; \??\C:\Windows\system32\Drivers\SIVX64.sys [2009-12-14 61504]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-07-30 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2010-07-30 9216]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-04-07 202752]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-06-15 75136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[chodnik74]

Vypadá,že je pryč potvora jak se chová pc?

Otevřeme si Poznámkový blok

• (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
• Vložíme do něj následující script:

  Kód: Vybrat vše

  Windows Registry Editor Version 5.00
  
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
  
  
  

• Soubor uložíme jako oprava.reg (při ukládání nastavte Uložit jako typ:Všechny soubory)
• Poté tento soubor spustíme a potvrdíme

TFC

• Stáhneme a spustíme program
• Klikneme na Start a potvrdíme OK
• Program začne uklízet,poté restartuje pc
• po použití program smažte

Údržba PC:

1)Čištění dočasných složek + neplatné registry
Ccleaner

• Stáhneme a nainstalujeme program
• Spustíme program
• ČISTIČ
  Windows zde necháme vše jak je (pokud používáme IE,tak odškrkneme jeho položky) a zaškrkneme položky Start Menu zástupci a Zástupci na ploše
  Aplikace - necháme jak je,ale pokud používáme nějaký prohlížeč (Google chrome,Firefox,Opera..) tak odškrkneme jeho položky
  >Stiskeneme tlačítko Analyzovat a poté Spustit Cleaner
• Registry
  >Stiskneme tlačítko Hledej problémy,program začne hledat neplatné registry..podé zvolíme Opravit vybrané problémy..
  >Program se zeptá,zda chceme vytvořit zálohu registrů,zvolíme ano a uložíme si někde zálohu(kdyby byli po opravení registru s něčím problémy,tak zálohu obnovíme tak,že spustíme uloženou zálohu a potvrdíme ano),dále zvolíme Opravit všechny problémy a Zavřít
  >opakujte dokud nebude registr bez problémů
• Program používáme 1x 14dní (záleží na používání pc,můžeme i jednou týdně)

2)Defragmentace disku
Defraggler

• Stáhneme a nainstalujeme program
• Spustíme program
• Vybereme disk ( C:,D:..prostě který používáme)
• Pokud je ve sloupci Fragmentace více než 5% dejte Defragmentovat
• Proveďte se všemi používanými disky
• Provádíme 1x za měsíc

3)Aktualizace programů
FileHippo.com Update Checker

• Stáhneme a nainstalujeme program(Při instalaci odškrkneme volbu Run at Startup )
• Spustíme program
• Program vyhledá nainstalované programy v PC a zjistí dostupné aktualizace
• Poté se vám otevře internetová stránka,kde budou nabídnuté aplikace k aktualizování
  >X Updates Detected..to jsou dostupné aktualizace..
  > klikneme na zelenou šipečku a stáhneme program,poté nainstalujeme jeho aktuální verzi
  > X Beta Updates Detected..tyto aktualizace nestahujte,jedná se o betaverze,které jsou ve vývoji a jsou nestabilní
• Provádíme 1x za 14 dní nebo jednou za měsíc

Jak se chová PC

[fwdre]

Všechno aplikováno, CCleaner již delší dobu používám, na defragmentaci mám WinContig.

Vypadá to v pořádku, ovšem až na jednu věc. V Centru akcí nejde spustit Centrum zabezpečení, vůbec ("Službu zabezpečení systému Windows nelze spustit"), přitom MSE vypadá, že běží normálně. Po restartu to samé.
Je to podobné jako včera, kdy MSE bežel, ale v Centru akcí to hlásilo vypnutý antispyware, který nešel zapnout (antivir a firewall to ale hlásilo jako zapnutý)
Obávám se, že se stane to co včera a virus se sám do několika hodin opraví (na 100% není možné, že bych ho odněkud znova chytil)
(a přitom včera MBAM ani AVP Tool nic nenašli)

[chodnik74]

T-Cleaner

• Spustíme,zmáčkneme klávesu A a potvrdíme ENTER(některé antiviry mohou detekovat utilitu jako vir-jedá se o falešný poplach,proto IGNOROVAT nebo dočasně vypnout antivir )
• po použití T-Cleaner smažte

vím,že včera jste CF spouštěli,ale ten nám kdyžtak ukáže poškozené nebo chybějící systémové soubory


Program nepoužívejte bez doporučení Rádce a pozorně se řiďte následujících pokynu,protože program netoleruje chyby a může dojít k úplnému poškození systému!!

• Stáhneme si Combofix
• Program uložíme nejlépe na Plochu
• Vypneme všechny rezidentní štíty.Jak antiviru,tak antispywaru a firewallu
• Vypneme všechny běžící aplikace (ICQ,prohlížeč,programy) a necháme pouze Combofix
• Spustíme Combofix.exe s administrátorským oprávněním
  U Windows XP se přihlásíme pod účtem správce
  Ve Windows 7 a Vista klikněte pravým tlačítkem myši na Combofix.exe a dejte ,,Spustit jako správce,,)
• Hned po startu programu na vás vyskočí licenční podmínky,tak potvrdíme tlačítkemANO
• Pokud vám Combofix nabídne instalaci Konzoly pro zotavení,tak souhlaste a nechte nainstalovat(zde je potřeba aktivní připojení na internet)
• Pokračujte dle pokynů programu a během skenování na nic neklikejte,na pc nepracujte(ICQ,jiné aplikace,internet..).Nechte počítač v klidu.
• Celý sken tvá mezi 5-15 min,ale pokud je v PC hodně havěti,tak se čas může lišit.
• Po skončení skenování(případném restartu počítače) se vám zobrazí log z Combofixu,který mi vložte sem(Kdyby se log nezobrazil,tak jej najdete zde: C:\ComboFix.txt
• (Pokud si nevíte rady s kterýmkoliv z výše uvedených kroků,tak se ptejte nebo mrkněte na detailnější návod včetně obrázků http://www.bleepingcomputer.com/combofi ... t-combofix )

[fwdre]

Přestože jsem antivir i firewall vypnul (ani příslušné procesy podle task manageru neběžely), Combofix hlásil, že MSE pořád běží...

ComboFix 11-07-26.03 - kriz 26.07.2011 21:05:16.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4087.2948 [GMT 2:00]
Spuštěný z: f:\documents\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 19:07 . 2011-07-26 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 18:10 . 2011-07-26 18:10 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5529D09D-A5E4-4D80-AF70-D4F4A79050D8}\gapaengine.dll
2011-07-26 18:10 . 2011-07-12 19:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CDF03FB-7DC2-4285-954B-5255EA66DA13}\mpengine.dll
2011-07-26 18:10 . 2011-07-26 18:10 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-07-26 18:09 . 2011-07-26 18:10 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-25 19:08 . 2011-07-25 19:08 -------- d-----w- c:\programdata\Kaspersky Lab
2011-07-25 17:30 . 2011-07-25 17:30 -------- d-----w- c:\users\kriz\AppData\Roaming\Malwarebytes
2011-07-25 17:30 . 2011-07-25 17:30 -------- d-----w- c:\programdata\Malwarebytes
2011-07-25 17:30 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-25 15:12 . 2011-07-26 18:15 -------- d-----w- c:\program files\trend micro
2011-07-24 23:21 . 2011-07-24 23:21 -------- d-----w- c:\users\kriz\AppData\Local\Ruler
2011-07-24 23:21 . 2011-07-24 23:21 -------- d-----w- c:\users\kriz\AppData\Local\Stay Secure
2011-07-24 21:53 . 2011-07-24 21:53 -------- d-----w- c:\users\kriz\AppData\Local\Floating Minds
2011-06-29 11:28 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-27 14:17 . 2011-06-27 14:17 -------- d-----w- c:\programdata\eSellerate
2011-06-27 13:21 . 2011-06-27 13:21 -------- d-----w- c:\program files (x86)\Common Files\eSellerate
2011-06-27 13:03 . 2011-06-27 13:03 -------- d-----w- c:\programdata\Sony
2011-06-27 13:03 . 2011-06-27 13:03 -------- d-----w- c:\users\kriz\AppData\Roaming\Publish Providers
2011-06-27 13:00 . 2011-06-27 13:03 -------- d-----w- c:\users\kriz\AppData\Local\Sony
2011-06-27 13:00 . 2011-06-27 13:00 -------- d-----w- c:\program files (x86)\Sony
2011-06-27 12:56 . 2011-06-27 23:36 -------- d-----w- c:\users\kriz\AppData\Roaming\Sony
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-29 08:52 . 2011-05-17 08:48 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-23 08:37 . 2010-01-28 19:52 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-06-23 08:37 . 2010-01-02 22:32 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-06-23 08:37 . 2010-01-02 22:32 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-06-15 23:59 . 2011-05-18 16:56 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2011-06-15 12:20 . 2010-01-02 22:32 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-06-02 05:56 . 2011-07-24 21:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:25 . 2011-06-15 09:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-15 09:38 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-25 21:07 . 2010-11-19 16:35 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-25 21:07 . 2009-12-27 21:13 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-05-04 02:51 . 2011-06-15 09:38 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-15 09:38 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-15 09:38 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-15 09:37 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-15 09:37 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-05-02 16:33 . 2010-11-19 16:35 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-02 16:33 . 2009-12-27 21:13 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-04-29 03:13 . 2011-06-15 09:38 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-15 09:38 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-15 09:38 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="f:\x\Programy\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\kriz\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 cpuz130;cpuz130;c:\users\kriz\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\kriz\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-07-29 14544]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - f:\x\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-465990855-3604300051-3132767143-1001\Software\SecuROM\License information*]
"datasecu"=hex:17,e3,a6,c4,ad,27,5b,db,c4,a7,da,aa,d8,31,c2,89,04,29,60,42,e9,
8a,b6,45,32,3b,46,1f,8e,78,14,08,5d,5b,d6,c4,79,54,0b,fe,66,35,da,0d,91,9c,\
"rkeysecu"=hex:2a,03,1d,8a,04,85,a5,07,8f,23,55,a1,02,42,c8,19
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-26 21:08:38
ComboFix-quarantined-files.txt 2011-07-26 19:08
.
Před spuštěním: Volných bajtů: 124 655 816 704
Po spuštění: Volných bajtů: 124 533 874 688
.
- - End Of File - - 56585D536698A19F1902B6EAB51EF172

[chodnik74]

Otevřeme si Poznámkový blok

• (stiskneme klávesovou kombinaci WIN+R a napíšeme ,,notepad,, bez úvozovek a dáme enter)
• Vložíme do něj následující script:

  Kód: Vybrat vše

  KillAll::
  
  RegLock::
  [HKEY_USERS\S-1-5-21-465990855-3604300051-3132767143-1001\Software\SecuROM\License information*]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  Reboot::
  

• Soubor uložíme na Plochu jako CFScript.txt
• Poté tento soubor uchopíme levým tlačítkem myši a přetáhneme na ikonu Combofixu a upustíme
  
  
• Poté Combofix provede všechny operace a udělá nový log,který sem vložte

[fwdre]

ComboFix 11-07-26.03 - kriz 26.07.2011 21:34:00.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4087.3003 [GMT 2:00]
Spuštěný z: f:\documents\Plocha\ComboFix.exe
Použité ovládací přepínače :: f:\documents\Plocha\CFScript.txt.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 19:35 . 2011-07-26 19:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 18:10 . 2011-07-26 18:10 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5529D09D-A5E4-4D80-AF70-D4F4A79050D8}\gapaengine.dll
2011-07-26 18:10 . 2011-07-12 19:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CDF03FB-7DC2-4285-954B-5255EA66DA13}\mpengine.dll
2011-07-26 18:10 . 2011-07-26 18:10 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-07-26 18:09 . 2011-07-26 18:10 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-25 19:08 . 2011-07-25 19:08 -------- d-----w- c:\programdata\Kaspersky Lab
2011-07-25 17:30 . 2011-07-25 17:30 -------- d-----w- c:\users\kriz\AppData\Roaming\Malwarebytes
2011-07-25 17:30 . 2011-07-25 17:30 -------- d-----w- c:\programdata\Malwarebytes
2011-07-25 17:30 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-25 15:12 . 2011-07-26 18:15 -------- d-----w- c:\program files\trend micro
2011-07-24 23:21 . 2011-07-24 23:21 -------- d-----w- c:\users\kriz\AppData\Local\Ruler
2011-07-24 23:21 . 2011-07-24 23:21 -------- d-----w- c:\users\kriz\AppData\Local\Stay Secure
2011-07-24 21:53 . 2011-07-24 21:53 -------- d-----w- c:\users\kriz\AppData\Local\Floating Minds
2011-06-29 11:28 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-27 14:17 . 2011-06-27 14:17 -------- d-----w- c:\programdata\eSellerate
2011-06-27 13:21 . 2011-06-27 13:21 -------- d-----w- c:\program files (x86)\Common Files\eSellerate
2011-06-27 13:03 . 2011-06-27 13:03 -------- d-----w- c:\programdata\Sony
2011-06-27 13:03 . 2011-06-27 13:03 -------- d-----w- c:\users\kriz\AppData\Roaming\Publish Providers
2011-06-27 13:00 . 2011-06-27 13:03 -------- d-----w- c:\users\kriz\AppData\Local\Sony
2011-06-27 13:00 . 2011-06-27 13:00 -------- d-----w- c:\program files (x86)\Sony
2011-06-27 12:56 . 2011-06-27 23:36 -------- d-----w- c:\users\kriz\AppData\Roaming\Sony
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-29 08:52 . 2011-05-17 08:48 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-23 08:37 . 2010-01-28 19:52 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-06-23 08:37 . 2010-01-02 22:32 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-06-23 08:37 . 2010-01-02 22:32 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-06-15 23:59 . 2011-05-18 16:56 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2011-06-15 12:20 . 2010-01-02 22:32 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-06-02 05:56 . 2011-07-24 21:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:25 . 2011-06-15 09:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:00 . 2011-06-15 09:38 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-25 21:07 . 2010-11-19 16:35 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-25 21:07 . 2009-12-27 21:13 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-05-04 02:51 . 2011-06-15 09:38 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-15 09:38 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-15 09:38 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-15 09:37 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-15 09:37 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-05-02 16:33 . 2010-11-19 16:35 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-02 16:33 . 2009-12-27 21:13 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-04-29 03:13 . 2011-06-15 09:38 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-15 09:38 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-15 09:38 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_19.07.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-17 12:31 . 2011-07-26 19:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 12:31 . 2011-07-26 18:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-26 18:31 . 2011-07-26 19:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-26 18:31 . 2011-07-26 18:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-26 19:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-26 18:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-17 13:26 . 2011-07-26 19:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 13:26 . 2011-07-26 18:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-17 13:26 . 2011-07-26 18:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-17 13:26 . 2011-07-26 19:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-26 18:28 . 2011-07-26 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-26 19:36 . 2011-07-26 19:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:12 . 2011-07-26 18:31 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-07-26 19:11 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-07-26 18:27 261572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-26 19:35 261572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-01-17 23:08 . 2011-07-26 18:27 1752824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-01-17 23:08 . 2011-07-26 19:35 1752824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="f:\x\Programy\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\kriz\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 cpuz130;cpuz130;c:\users\kriz\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\kriz\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-07-29 14544]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - f:\x\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-465990855-3604300051-3132767143-1001\Software\SecuROM\License information*]
"datasecu"=hex:17,e3,a6,c4,ad,27,5b,db,c4,a7,da,aa,d8,31,c2,89,04,29,60,42,e9,
8a,b6,45,32,3b,46,1f,8e,78,14,08,5d,5b,d6,c4,79,54,0b,fe,66,35,da,0d,91,9c,\
"rkeysecu"=hex:2a,03,1d,8a,04,85,a5,07,8f,23,55,a1,02,42,c8,19
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
f:\x\Programy\Fraps\fraps.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 21:39:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 19:39
ComboFix2.txt 2011-07-26 19:08
.
Před spuštěním: Volných bajtů: 124 571 881 472
Po spuštění: Volných bajtů: 124 335 767 552
.
- - End Of File - - DB54C2488E73DFB9BE68D40FC1581442

[chodnik74]

Stiskněte klávesovou kombinaci WIN+R( nebo start-spustit ),čímž se vám otevře okno pro zadání příkazu pro spuštění a zkopírujte a vložte sem následujíci text: Combofix /Uninstall a dejte enter

OTC

• Spustíme,zmáčkneme CleanUp a potvrdíme YES Program uklidí a následně restartuje

T-Cleaner

• Spustíme,zmáčkneme klávesu A a potvrdíme ENTER(některé antiviry mohou detekovat utilitu jako vir-jedá se o falešný poplach,proto IGNOROVAT nebo dočasně vypnout antivir )
• po použití T-Cleaner smažte

TFC

• Stáhneme a spustíme program
• Klikneme na Start a potvrdíme OK
• Program začne uklízet,poté restartuje pc
• po použití program smažte

[fwdre]

Vše aplikováno, zatím to vypadá, že je po problému. Vše běží, ani Centrum akcí nehlásí problémy.
Snad už jsem se toho koněčně zbavil, děkuji moc za pomoc

[chodnik74]

Rád jsem pomohl Kdyby něco,tak se ozvěte..dobrou noc

[fwdre]

Sakra, dnes mi po restartu zase Centrum akcí hlásí vypnutý antispyware, který nejde zapnout (po kliknutí na zapnout se ani nic nestane, žádná chybová hláška)...to je stejné jako předevčírem...doufám, že je v tomhle chyba opravdu někde u microsoftu a neznamená to, že mám ten virus stále v pc