(možná) Virus který zpomaluje internet

Zpráva

maturo164 · #1 Příspěvek od **maturo164** » 01 led 2012 21:09

Poslední asi 2-3 týdny se mi začaly objevovat velké potíže s internetem a to ve formě nestability - znamená to, že internet jede v klidu do cca 20+- ms ale často skáče do hodnot 200-500ms.
Týká se to hlavně her, ale i v cmd při ping www.seznam.cz -t chvilku píše hodnoty jako 10,11,20 ms a pak přeskočí na nějakou dobu na čísla 200-500 ms.
Ve hrách je to velmi nepříjemné, tak bych se chtěl poradit co s tím.
Zde postnu log z RSITu.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Roman at 2012-01-01 21:08:43
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 228 GB (24%) free of 953 GB
Total RAM: 4094 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:08:56, on 1.1.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Programy\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Program Files (x86)\Miranda IM\miranda32.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Roman.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tsbohemia.cz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\Windows\SysWow64\gigagetbho_v10.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [System] C:\Users\Roman\Music\lst.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O8 - Extra context menu item: &Download All by Gigaget - C:\Programy\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Programy\Gigaget\geturl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files (x86)\ESET\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files (x86)\ESET\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9427 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\ESET\x86\ekrn.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
WLIDSvcM.exe 2824
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Last.fm\LastFM.exe" --tray
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\ESET\egui.exe"
"C:\Program Files (x86)\Miranda IM\miranda32.exe"
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
"taskhost.exe"
"C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Www_Prefix/WarmSocketImpact/warmest_socket/ --enable-print-preview --channel=4608.0898FB00.1158433437 /prefetch:3
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel=4608.089FFEA0.1428266483 /prefetch:12
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe"
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
"C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Prefetch/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwnd16/SpdyImpact/npn_with_spdy/SuggestHostPrefix/Www_Prefix/WarmSocketImpact/warmest_socket/ --enable-print-preview --channel=4608.06D47840.1074368515 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\Roman\AppData\Local\Google\Chrome\APPLIC~1\150874~1.102\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Roman\AppData\Local\Google\Chrome\Application\15.0.874.102\gcswf32.dll" --lang=cs --channel=4608.09AF4A80.1956746053 --flash-broker=3080 /prefetch:4
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Roman\Downloads\RSITx64.exe"
taskhost.exe $(Arg0)

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 68976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{111CAA23-6F4F-42AC-8555-B48C1D87BBAB}]
GigagetIEHelper Class - C:\Windows\SysWow64\gigagetbho_v10.dll [2006-01-09 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-07 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4800 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIADE.EXE [2005-02-02 98304]
"egui"=C:\Program Files (x86)\ESET\egui.exe [2010-11-18 2919168]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Programy\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"System"=C:\Users\Roman\Music\lst.exe [2010-09-12 10752]
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-11-09 343168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-06-16 259072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-01-01 20:53:20 ----D---- C:\Program Files\trend micro
2012-01-01 20:53:16 ----D---- C:\rsit
2012-01-01 20:02:56 ----A---- C:\Windows\system32\drivers\Lbd.sys
2012-01-01 20:02:50 ----D---- C:\ProgramData\Lavasoft
2012-01-01 20:02:50 ----D---- C:\Program Files (x86)\Lavasoft
2012-01-01 20:00:38 ----A---- C:\Windows\zip.exe
2012-01-01 20:00:38 ----A---- C:\Windows\SWSC.exe
2012-01-01 20:00:38 ----A---- C:\Windows\SWREG.exe
2012-01-01 20:00:38 ----A---- C:\Windows\sed.exe
2012-01-01 20:00:38 ----A---- C:\Windows\PEV.exe
2012-01-01 20:00:38 ----A---- C:\Windows\NIRCMD.exe
2012-01-01 20:00:38 ----A---- C:\Windows\MBR.exe
2012-01-01 20:00:38 ----A---- C:\Windows\grep.exe
2012-01-01 20:00:33 ----D---- C:\Windows\ERDNT
2012-01-01 20:00:32 ----SD---- C:\ComboFix
2012-01-01 20:00:14 ----D---- C:\Qoobox
2012-01-01 17:33:20 ----D---- C:\Program Files (x86)\TNod User & Password Finder
2011-12-31 10:52:34 ----D---- C:\Program Files (x86)\Realtek
2011-12-25 14:40:15 ----D---- C:\ProgramData\ATI
2011-12-25 14:40:12 ----D---- C:\Program Files (x86)\AMD APP
2011-12-23 12:04:20 ----D---- C:\Program Files (x86)\Microsoft Security Client
2011-12-23 12:04:13 ----D---- C:\Program Files\Microsoft Security Client
2011-12-20 18:46:39 ----D---- C:\Users\Roman\AppData\Roaming\VC 2 Paradise Resort
2011-12-20 18:16:57 ----D---- C:\Users\Roman\AppData\Roaming\MetaProducts
2011-12-19 20:16:50 ----D---- C:\Users\Roman\AppData\Roaming\FOG Downloader
2011-12-18 23:07:45 ----D---- C:\Users\Roman\AppData\Roaming\Origin
2011-12-18 23:07:34 ----D---- C:\ProgramData\Origin
2011-12-18 23:07:33 ----D---- C:\Program Files (x86)\Origin Games
2011-12-15 06:28:41 ----A---- C:\Windows\system32\csrsrv.dll
2011-12-15 06:28:37 ----A---- C:\Windows\system32\mshtml.dll
2011-12-15 06:28:36 ----A---- C:\Windows\system32\wininet.dll
2011-12-15 06:28:35 ----A---- C:\Windows\system32\ieframe.dll
2011-12-15 06:28:34 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-12-15 06:28:34 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-12-15 06:28:34 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-12-15 06:28:33 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-12-15 06:28:33 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-12-15 06:28:33 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-12-15 06:28:33 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-12-15 06:28:33 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-12-15 06:28:33 ----A---- C:\Windows\system32\urlmon.dll
2011-12-15 06:28:33 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-15 06:28:33 ----A---- C:\Windows\system32\msfeeds.dll
2011-12-15 06:28:33 ----A---- C:\Windows\system32\ieui.dll
2011-12-15 06:28:33 ----A---- C:\Windows\system32\iertutil.dll
2011-12-15 06:28:32 ----A---- C:\Windows\SYSWOW64\url.dll
2011-12-15 06:28:32 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-12-15 06:28:32 ----A---- C:\Windows\system32\url.dll
2011-12-15 06:28:32 ----A---- C:\Windows\system32\jsproxy.dll
2011-12-15 06:28:18 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-12-15 06:28:18 ----A---- C:\Windows\system32\win32k.sys
2011-12-15 06:28:18 ----A---- C:\Windows\system32\EncDec.dll
2011-12-15 06:28:15 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-12-15 06:28:15 ----A---- C:\Windows\system32\tzres.dll
2011-12-13 19:46:15 ----D---- C:\Program Files (x86)\NCsoft
2011-12-03 19:38:56 ----D---- C:\ProgramData\PMB Files

======List of files/folders modified in the last 1 month======

2012-01-01 21:08:49 ----D---- C:\Windows\Temp
2012-01-01 20:53:20 ----RD---- C:\Program Files
2012-01-01 20:13:37 ----D---- C:\Windows\system32\Tasks
2012-01-01 20:13:34 ----D---- C:\Windows\system32\config
2012-01-01 20:13:30 ----D---- C:\Windows\winsxs
2012-01-01 20:03:28 ----SHD---- C:\Windows\Installer
2012-01-01 20:02:56 ----DC---- C:\Windows\system32\DRVSTORE
2012-01-01 20:02:56 ----D---- C:\Windows\system32\drivers
2012-01-01 20:02:56 ----D---- C:\Windows\system32\catroot
2012-01-01 20:02:50 ----RD---- C:\Program Files (x86)
2012-01-01 20:02:50 ----HD---- C:\ProgramData
2012-01-01 20:02:31 ----SHD---- C:\System Volume Information
2012-01-01 20:00:38 ----D---- C:\Windows
2012-01-01 19:47:51 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-01-01 19:39:41 ----D---- C:\Hry
2012-01-01 18:57:32 ----D---- C:\Programy
2012-01-01 18:50:39 ----D---- C:\Windows\system32\catroot2
2012-01-01 18:15:04 ----RSD---- C:\Windows\assembly
2012-01-01 18:15:04 ----D---- C:\Windows\Microsoft.NET
2012-01-01 17:37:21 ----D---- C:\Program Files (x86)\ESET
2012-01-01 17:06:45 ----D---- C:\Windows\SysWOW64
2012-01-01 17:06:21 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-01-01 17:06:12 ----D---- C:\Windows\inf
2012-01-01 17:06:09 ----D---- C:\Windows\System32
2012-01-01 17:06:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-01 17:00:15 ----D---- C:\Windows\Prefetch
2012-01-01 13:21:54 ----SD---- C:\Users\Roman\AppData\Roaming\Microsoft
2012-01-01 13:21:42 ----SD---- C:\ProgramData\Microsoft
2011-12-31 10:54:16 ----HD---- C:\Program Files (x86)\Temp
2011-12-31 10:52:26 ----D---- C:\Windows\system32\DriverStore
2011-12-30 18:58:44 ----D---- C:\Users\Roman\AppData\Roaming\uTorrent
2011-12-29 19:02:47 ----D---- C:\Windows\system32\NDF
2011-12-25 14:39:43 ----D---- C:\Program Files\ATI Technologies
2011-12-25 14:39:33 ----D---- C:\ProgramData\AMD
2011-12-24 16:02:17 ----D---- C:\Users\Roman\AppData\Roaming\Bioshock
2011-12-24 15:57:40 ----D---- C:\ProgramData\Solidshield
2011-12-24 13:46:24 ----A---- C:\Users\Roman\AppData\Roaming\burnaware.ini
2011-12-23 11:36:56 ----D---- C:\Windows\debug
2011-12-20 21:47:53 ----RSD---- C:\Windows\Fonts
2011-12-20 18:29:08 ----D---- C:\Program Files (x86)\Common Files
2011-12-20 18:26:18 ----D---- C:\ProgramData\Adobe
2011-12-20 18:25:47 ----D---- C:\Program Files (x86)\Adobe
2011-12-20 18:24:57 ----D---- C:\Program Files\Common Files
2011-12-20 18:16:57 ----RD---- C:\Users
2011-12-20 18:01:42 ----D---- C:\Program Files (x86)\Microsoft Office
2011-12-20 07:39:14 ----D---- C:\Windows\rescache
2011-12-15 16:57:32 ----D---- C:\Windows\SYSWOW64\migration
2011-12-15 16:57:32 ----D---- C:\Windows\system32\migration
2011-12-15 16:57:32 ----D---- C:\Program Files\Internet Explorer
2011-12-15 16:57:32 ----D---- C:\Program Files (x86)\Internet Explorer
2011-12-15 15:26:38 ----A---- C:\Windows\system32\MRT.exe
2011-12-15 15:26:22 ----A---- C:\Windows\win.ini
2011-12-15 15:24:23 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-12-15 15:24:23 ----D---- C:\Windows\system32\cs-CZ
2011-12-13 19:38:29 ----D---- C:\Users\Roman\AppData\Roaming\Skype
2011-12-13 11:01:00 ----A---- C:\Windows\RtlExUpd.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie64.sys [2010-06-17 16440]
R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2011-10-28 69376]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-09-03 834544]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R1 MpKslbabd29a7;MpKslbabd29a7; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A7FC3E59-4A1E-4B83-A452-5ADB0833372F}\MpKslbabd29a7.sys [2012-01-01 35664]
R1 nm3;Microsoft Network Monitor 3 Driver; C:\Windows\system32\DRIVERS\nm3.sys [2010-06-09 46392]
R2 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-09-03 314016]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-09-03 170104]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2009-07-14 120320]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-09-03 43680]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-12-02 213280]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2011-08-17 53376]
S3 1394hub;1394 Enabled Hub; C:\Windows\syswow64\svchost.exe [2009-07-14 20992]
S3 AODDriver4.0;AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S3 ayna4dhh;ayna4dhh; C:\Windows\system32\drivers\ayna4dhh.sys []
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 cpuz132;cpuz132; \??\C:\Users\Roman\AppData\Local\Temp\cpuz132\cpuz132_x64.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\Hry\Scarlet Legacy\bin\GameGuard\dump_wmimmc.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 61808]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2011-10-23 13352]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Programy\Garena\safedrv.sys []
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2011-10-23 27176]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-16 6112672]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
S3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2008-01-19 27648]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 X6va003;X6va003; \??\C:\Users\Roman\AppData\Local\Temp\0033997.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-11-10 204288]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-09 361984]
R2 ekrn;ESET Service; C:\Program Files (x86)\ESET\x86\ekrn.exe [2010-11-18 810144]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-04-05 75136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files (x86)\ESET\EHttpSrv.exe [2010-11-18 42360]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2011-05-03 4756216]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-10-22 419624]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-04 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 01 led 2012 21:16

Pokud dáte log RSIT po logu ComboFix, můžete si být jistý, že v něm nic nenajdet. CF zničí všechny stopy. Dejte log z ComboFix. Měl by být v C:\combofix.txt.

maturo164 · #3 Příspěvek od **maturo164** » 01 led 2012 21:53

Inu zde je ComboFix

ComboFix 12-01-01.02 - Roman 01.01.2012 21:28:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.1834 [GMT 1:00]
Spuštěný z: c:\users\Roman\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Roman\AppData\Local\assembly\tmp
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\XSxS
F:\Autorun.inf
F:\Setup.exe
c:\program files (x86)\ESET\EGUI.exe . . . . nemohl být smazán
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_wuauserv
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-01 do 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2012-01-01 20:42 . 2012-01-01 20:42 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7FC3E59-4A1E-4B83-A452-5ADB0833372F}\offreg.dll
2012-01-01 20:40 . 2012-01-01 20:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-01 19:53 . 2012-01-01 20:08 -------- d-----w- c:\program files\trend micro
2012-01-01 19:53 . 2012-01-01 20:02 -------- d-----w- C:\rsit
2012-01-01 19:02 . 2011-10-28 18:35 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-01 19:02 . 2012-01-01 19:02 -------- d-----w- c:\programdata\Lavasoft
2012-01-01 19:02 . 2012-01-01 19:02 -------- d-----w- c:\program files (x86)\Lavasoft
2012-01-01 16:33 . 2012-01-01 16:34 -------- d-----w- c:\program files (x86)\TNod User & Password Finder
2012-01-01 16:29 . 2011-11-21 02:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7FC3E59-4A1E-4B83-A452-5ADB0833372F}\mpengine.dll
2011-12-31 09:52 . 2011-12-31 09:52 -------- d-----w- c:\program files (x86)\Realtek
2011-12-25 13:40 . 2011-12-25 13:40 -------- d-----w- c:\programdata\ATI
2011-12-25 13:40 . 2011-12-25 13:40 -------- d-----w- c:\program files (x86)\AMD APP
2011-12-25 13:36 . 2011-11-21 02:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-24 20:28 . 2011-12-24 20:28 -------- d-----w- c:\users\Roman\AppData\Local\SWTOR
2011-12-24 15:56 . 2011-12-24 15:56 -------- d-----w- c:\users\Roman\AppData\Local\Microsoft Games
2011-12-23 11:17 . 2011-12-23 11:17 -------- d-----w- c:\users\Roman\AppData\Local\GHISLER
2011-12-23 11:08 . 2011-12-23 11:08 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6821000D-CF02-4286-81D7-8D9AC54316C3}\gapaengine.dll
2011-12-23 11:04 . 2011-12-23 11:04 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-12-23 11:04 . 2011-12-23 11:04 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-23 09:42 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21752AB2-E969-4F37-AA66-EA9B19FBFFF0}\mpengine.dll
2011-12-22 14:37 . 2001-09-05 05:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-12-22 14:37 . 2001-09-05 05:18 225280 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-12-22 14:37 . 2001-09-05 05:14 176128 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-12-22 14:37 . 2001-09-05 05:13 32768 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-12-20 17:46 . 2011-12-20 17:46 -------- d-----w- c:\users\Roman\AppData\Roaming\VC 2 Paradise Resort
2011-12-20 17:16 . 2011-12-20 17:33 -------- d-----w- c:\users\Roman\AppData\Roaming\MetaProducts
2011-12-19 19:16 . 2011-12-20 20:49 -------- d-----w- c:\users\Roman\AppData\Roaming\FOG Downloader
2011-12-18 22:07 . 2011-12-20 15:22 -------- d-----w- c:\users\Roman\AppData\Roaming\Origin
2011-12-18 22:07 . 2011-12-18 22:07 -------- d-----w- c:\users\Roman\AppData\Local\Origin
2011-12-18 22:07 . 2011-12-20 15:22 -------- d-----w- c:\programdata\Origin
2011-12-18 22:07 . 2011-12-18 22:07 -------- d-----w- c:\program files (x86)\Origin Games
2011-12-13 18:46 . 2011-12-13 18:46 -------- d-----w- c:\program files (x86)\NCsoft
2011-12-03 18:38 . 2012-01-01 15:56 -------- d-----w- c:\users\Roman\AppData\Local\PMB Files
2011-12-03 18:38 . 2012-01-01 15:56 -------- d-----w- c:\programdata\PMB Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 21:13 . 2011-01-22 19:06 3842 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2011-12-13 10:01 . 2009-11-16 14:00 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-11-26 10:34 . 2011-05-27 12:04 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 16:47 . 2011-11-23 16:47 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2011-11-10 03:45 . 2011-11-10 03:45 10567680 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-10 03:20 . 2011-11-10 03:20 25218048 ----a-w- c:\windows\system32\atio6axx.dll
2011-11-10 03:17 . 2011-11-10 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 03:16 . 2011-11-10 03:16 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-11-10 03:15 . 2010-07-07 01:53 927232 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-10 03:12 . 2011-11-10 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 03:12 . 2011-11-10 03:12 516608 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-10 03:11 . 2011-11-10 03:11 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-10 03:10 . 2011-11-10 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-11-10 03:09 . 2011-11-10 03:09 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-11-10 03:09 . 2011-11-10 03:09 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-11-10 03:09 . 2011-11-10 03:09 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-11-10 03:09 . 2011-11-10 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-10 03:09 . 2011-11-10 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-11-10 03:09 . 2011-11-10 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-11-10 03:06 . 2011-11-10 03:06 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-11-10 02:58 . 2011-11-10 02:58 18996224 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-11-10 02:51 . 2010-07-07 01:37 7405056 ----a-w- c:\windows\system32\atidxx64.dll
2011-11-10 02:40 . 2011-11-10 02:40 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-11-10 02:40 . 2011-11-10 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-11-10 02:40 . 2011-11-10 02:40 4061696 ----a-w- c:\windows\system32\atiumd6a.dll
2011-11-10 02:34 . 2011-11-10 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-11-10 02:34 . 2011-11-10 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-11-10 02:34 . 2011-11-10 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-11-10 02:34 . 2011-11-10 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-11-10 02:34 . 2011-11-10 02:34 13552640 ----a-w- c:\windows\system32\aticaldd64.dll
2011-11-10 02:33 . 2011-11-10 02:33 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-11-10 02:29 . 2011-11-10 02:29 11300864 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-11-10 02:29 . 2011-11-10 02:29 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-11-10 02:24 . 2011-11-10 02:24 7439360 ----a-w- c:\windows\system32\atiumd64.dll
2011-11-10 02:18 . 2010-07-07 01:24 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 02:13 . 2011-11-10 02:13 494592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 348160 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-11-10 02:13 . 2011-11-10 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-10 02:13 . 2011-11-10 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-11-10 02:12 . 2011-11-10 02:12 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-11-10 02:12 . 2011-11-10 02:12 325632 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 02:11 . 2010-07-07 01:15 41984 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-10 02:11 . 2011-11-10 02:11 32256 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-11-10 02:11 . 2011-11-10 02:11 39424 ----a-w- c:\windows\system32\atiu9p64.dll
2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-11-10 02:11 . 2011-11-10 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-11-10 02:11 . 2011-09-08 16:51 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-11-10 02:11 . 2011-11-10 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-11-10 02:10 . 2011-11-10 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-09 21:39 . 2011-11-09 21:39 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-11-09 21:39 . 2011-11-09 21:39 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-11-09 21:39 . 2011-11-09 21:39 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-11-09 21:39 . 2011-11-09 21:39 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-11-09 21:39 . 2011-11-09 21:39 17442304 ----a-w- c:\windows\system32\amdocl64.dll
2011-11-09 21:38 . 2011-11-09 21:38 14375936 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-10-25 20:21 . 2011-10-25 20:21 66560 ----a-w- c:\windows\system32\OVDecoder64.dll
2011-10-25 20:21 . 2011-10-25 20:21 56832 ----a-w- c:\windows\SysWow64\OVDecoder.dll
2011-10-23 16:46 . 2011-10-23 16:46 27176 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2011-10-23 16:46 . 2011-10-23 16:46 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-10-23 16:46 . 2011-10-23 16:46 13352 ----a-w- c:\windows\system32\drivers\ggflt.sys
2011-10-21 19:16 . 2011-10-21 19:16 1843200 ----a-w- c:\windows\SysWow64\SlotMaximizerBe.dll
2011-10-21 19:15 . 2011-10-21 19:15 104448 ----a-w- c:\windows\SysWow64\SlotMaximizerAg.dll
2011-10-21 19:12 . 2011-10-21 19:12 2763264 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-10-21 19:07 . 2011-10-21 19:07 125440 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-10-19 13:27 . 2011-03-16 15:44 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2011-10-16 21:17 . 2011-10-16 21:17 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-16 21:17 . 2011-10-16 21:17 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKslbabd29a7;MpKslbabd29a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7FC3E59-4A1E-4B83-A452-5ADB0833372F}\MpKslbabd29a7.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R3 dump_wmimmc;dump_wmimmc;c:\hry\Scarlet Legacy\bin\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\programy\Garena\safedrv.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va003;X6va003;c:\users\Roman\AppData\Local\Temp\0033997.tmp [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-09 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files (x86)\ESET\x86\ekrn.exe [2010-11-18 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4800 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_FATIADE.EXE" [2005-02-02 98304]
"egui"="c:\program files (x86)\ESET\egui.exe" [2010-11-18 2919168]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"combofix"="c:\combofix\CF2437.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download All by Gigaget - c:\programy\Gigaget\getallurl.htm
IE: &Download by Gigaget - c:\programy\Gigaget\geturl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 217.197.152.132 217.197.144.22
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Roman\AppData\Local\Temp\0033997.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1756617775-4045922924-3401292323-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-1756617775-4045922924-3401292323-1002)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1756617775-4045922924-3401292323-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-1756617775-4045922924-3401292323-1002)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1756617775-4045922924-3401292323-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-1756617775-4045922924-3401292323-1002)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1756617775-4045922924-3401292323-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-1756617775-4045922924-3401292323-1002)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1756617775-4045922924-3401292323-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-1756617775-4045922924-3401292323-1002)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1756617775-4045922924-3401292323-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1756617775-4045922924-3401292323-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d3,cf,fa,ad,60,01,3c,40,71,8a,1f,0f,df,e6,e4,1e,11,51,e5,3b,ec,36,f0,
80,55,b5,05,59,e0,48,e7,fb,ae,6f,58,c2,4b,00,b9,12,d3,06,8c,f7,a2,cd,dc,97,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-1756617775-4045922924-3401292323-1002\Software\SecuROM\License information*]
"datasecu"=hex:12,14,5a,4e,ed,32,f9,35,47,fa,fc,a4,8f,15,e4,f6,96,f2,28,41,46,
af,0c,13,e0,1a,a6,a8,15,56,ae,49,b3,8e,f3,e5,d8,68,83,69,4f,d9,a0,66,c4,10,\
"rkeysecu"=hex:69,65,04,5f,d7,46,27,eb,97,18,b9,5a,1d,50,ee,60
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2012-01-01 21:51:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-01 20:51
.
Před spuštěním: Volných bajtů: 239 016 300 544
Po spuštění: Volných bajtů: 238 437 150 720
.
- - End Of File - - 7B0C876E430477B05035BC4980E30F01

#4 Příspěvek od **Rudy** » 01 led 2012 22:21

1. Odinstalujte jeden antivir. Pokud si ponecháte Eset, pak i Lavasoft. Docházelo by k sw kolizím.
2. Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\users\Roman\AppData\Local\Temp\0033997.tmp

Driver::
X6va003

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

maturo164 · #5 Příspěvek od **maturo164** » 01 led 2012 22:50

Hotovo, nechal jsem si ten Microsoft Security Essentials,
CO jste říkal hotov, ale u všech aplikací, které chci spustit to teďka píše - Adresář a pod tím Pokus použít neplatnou operaci na klíč registru, který je označen pro odstranění.
Když však program spustím před pravé tlačítko a Spustit jako správce, vše je OK.
Mám ještě dělat něco dál?

#6 Příspěvek od **Rudy** » 02 led 2012 18:10

Zkuste obnovu systému k datu, kdy korektně fungoval.

VIRY.CZ

(možná) Virus který zpomaluje internet

(možná) Virus který zpomaluje internet

Re: (možná) Virus který zpomaluje internet

Re: (možná) Virus který zpomaluje internet

Re: (možná) Virus který zpomaluje internet

Re: (možná) Virus který zpomaluje internet

Re: (možná) Virus který zpomaluje internet