Computer check

Posted: 19 Oct 2011 19:54
by p858
Hello, I have a minor problem with a friend's laptop. A few viruses were found, but I'd rather get some advice anyway. Thanks in advance.


Logfile of random's system information tool 1.09 (written by random/random)
Run by Petra at 2011-10-19 20:50:33
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 70 GB (24%) free of 291 GB
Total RAM: 3836 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:50:36, on 19.10.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Petra\AppData\Local\Seznam.cz\postak.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\trend micro\Petra.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Users\Petra\AppData\Local\Seznam.cz\postak.exe" -s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Users\Petra\AppData\Local\Seznam.cz\listicka.dll (HKCU)
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Users\Petra\AppData\Local\Seznam.cz\listicka.dll (HKCU)
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Users\Petra\AppData\Local\Seznam.cz\listicka.dll (HKCU)
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Users\Petra\AppData\Local\Seznam.cz\listicka.dll (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8400 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\SysWOW64\svchost.exe -k netsvcs
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Java\jre6\bin\jusched.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Users\Petra\AppData\Local\Seznam.cz\postak.exe" -s
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe" /Start
"C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Petra\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForPetra.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-12 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-07 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-27 2096424]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-12 171520]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"=C:\Users\Petra\AppData\Local\Seznam.cz\postak.exe [2010-05-19 462104]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-04 98304]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-08-20 322104]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2009-12-12 52272]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-10-20 06:39:18 ----D---- C:\ProgramData\Recovery
2011-10-19 20:44:18 ----D---- C:\Program Files\trend micro
2011-10-19 20:44:17 ----D---- C:\rsit
2011-10-19 19:05:53 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-10-19 19:05:53 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-19 19:05:52 ----A---- C:\Windows\SYSWOW64\url.dll
2011-10-19 19:05:52 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-10-19 19:05:52 ----A---- C:\Windows\system32\url.dll
2011-10-19 19:05:52 ----A---- C:\Windows\system32\iertutil.dll
2011-10-19 19:05:51 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-10-19 19:05:51 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-10-19 19:05:51 ----A---- C:\Windows\system32\urlmon.dll
2011-10-19 19:05:51 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-19 19:05:50 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-10-19 19:05:50 ----A---- C:\Windows\system32\wininet.dll
2011-10-19 19:05:49 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-10-19 19:05:49 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-10-19 19:05:49 ----A---- C:\Windows\system32\jscript9.dll
2011-10-19 19:05:49 ----A---- C:\Windows\system32\ieui.dll
2011-10-19 19:05:48 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-10-19 19:05:48 ----A---- C:\Windows\system32\jscript.dll
2011-10-19 19:05:47 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-10-19 19:05:46 ----A---- C:\Windows\system32\mshtml.dll
2011-10-19 19:05:45 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-10-19 19:05:44 ----A---- C:\Windows\system32\ieframe.dll
2011-10-19 18:04:15 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-10-19 18:04:15 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-10-19 18:04:15 ----A---- C:\Windows\SYSWOW64\java.exe
2011-10-19 18:03:24 ----D---- C:\Program Files\CCleaner
2011-10-19 18:02:27 ----A---- C:\Windows\system32\win32k.sys
2011-10-19 18:02:26 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-19 18:02:26 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-19 18:02:24 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-19 18:02:24 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-19 18:02:24 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-19 18:02:24 ----A---- C:\Windows\system32\oleacc.dll
2011-10-19 17:59:29 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2011-10-19 17:59:26 ----D---- C:\Program Files (x86)\Microsoft Security Client
2011-10-19 17:59:16 ----D---- C:\Program Files\Microsoft Security Client
2011-09-28 14:06:58 ----D---- C:\ProgramData\AVAST Software
2011-09-27 17:55:35 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2011-09-27 17:55:35 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2011-09-27 17:55:35 ----A---- C:\Windows\SYSWOW64\msrating.dll
2011-09-27 17:55:35 ----A---- C:\Windows\SYSWOW64\msls31.dll
2011-09-27 17:55:35 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-09-27 17:55:35 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-09-27 17:55:35 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-09-27 17:55:35 ----A---- C:\Windows\SYSWOW64\ieakeng.dll
2011-09-27 17:55:35 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2011-09-27 17:55:34 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2011-09-27 17:55:34 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-09-27 17:55:34 ----A---- C:\Windows\SYSWOW64\inseng.dll
2011-09-27 17:55:34 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2011-09-27 17:55:34 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2011-09-27 17:55:34 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2011-09-27 17:55:34 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-09-27 17:55:34 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2011-09-27 17:55:34 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2011-09-27 17:55:34 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2011-09-27 17:55:34 ----A---- C:\Windows\SYSWOW64\icardie.dll
2011-09-27 17:55:34 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2011-09-27 17:55:34 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2011-09-27 17:55:33 ----A---- C:\Windows\SYSWOW64\wextract.exe
2011-09-27 17:55:33 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2011-09-27 17:55:33 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-09-27 17:55:33 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2011-09-27 17:55:33 ----A---- C:\Windows\SYSWOW64\occache.dll
2011-09-27 17:55:33 ----A---- C:\Windows\SYSWOW64\mshta.exe
2011-09-27 17:55:33 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-09-27 17:55:33 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2011-09-27 17:55:33 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2011-09-27 17:55:33 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2011-09-27 17:55:33 ----A---- C:\Windows\SYSWOW64\ieakui.dll
2011-09-27 17:55:33 ----A---- C:\Windows\SYSWOW64\ieaksie.dll
2011-09-27 17:55:33 ----A---- C:\Windows\SYSWOW64\admparse.dll
2011-09-27 17:55:32 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-09-27 17:55:32 ----A---- C:\Windows\system32\pngfilt.dll
2011-09-27 17:55:32 ----A---- C:\Windows\system32\occache.dll
2011-09-27 17:55:32 ----A---- C:\Windows\system32\msrating.dll
2011-09-27 17:55:32 ----A---- C:\Windows\system32\msls31.dll
2011-09-27 17:55:32 ----A---- C:\Windows\system32\mshta.exe
2011-09-27 17:55:32 ----A---- C:\Windows\system32\ieUnatt.exe
2011-09-27 17:55:32 ----A---- C:\Windows\system32\ieakui.dll
2011-09-27 17:55:32 ----A---- C:\Windows\system32\ieaksie.dll
2011-09-27 17:55:32 ----A---- C:\Windows\system32\admparse.dll
2011-09-27 17:55:31 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-09-27 17:55:31 ----A---- C:\Windows\system32\mshtmler.dll
2011-09-27 17:55:31 ----A---- C:\Windows\system32\msfeedssync.exe
2011-09-27 17:55:31 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-09-27 17:55:31 ----A---- C:\Windows\system32\imgutil.dll
2011-09-27 17:55:31 ----A---- C:\Windows\system32\iesysprep.dll
2011-09-27 17:55:31 ----A---- C:\Windows\system32\iepeers.dll
2011-09-27 17:55:31 ----A---- C:\Windows\system32\ieakeng.dll
2011-09-27 17:55:31 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-09-27 17:55:31 ----A---- C:\Windows\system32\dxtrans.dll
2011-09-27 17:55:31 ----A---- C:\Windows\system32\dxtmsft.dll
2011-09-27 17:55:30 ----A---- C:\Windows\system32\iesetup.dll
2011-09-27 17:55:30 ----A---- C:\Windows\system32\iernonce.dll
2011-09-27 17:55:30 ----A---- C:\Windows\system32\iedkcs32.dll
2011-09-27 17:55:30 ----A---- C:\Windows\system32\ieapfltr.dll
2011-09-27 17:55:30 ----A---- C:\Windows\system32\ieapfltr.dat
2011-09-27 17:55:30 ----A---- C:\Windows\system32\ie4uinit.exe
2011-09-27 17:55:30 ----A---- C:\Windows\system32\icardie.dll
2011-09-27 17:55:29 ----A---- C:\Windows\system32\wextract.exe
2011-09-27 17:55:29 ----A---- C:\Windows\system32\webcheck.dll
2011-09-27 17:55:29 ----A---- C:\Windows\system32\vbscript.dll
2011-09-27 17:55:29 ----A---- C:\Windows\system32\msfeeds.dll
2011-09-27 17:55:29 ----A---- C:\Windows\system32\licmgr10.dll
2011-09-27 17:55:29 ----A---- C:\Windows\system32\inseng.dll
2011-09-27 17:55:29 ----A---- C:\Windows\system32\iexpress.exe
2011-09-27 17:25:39 ----D---- C:\Users\Petra\AppData\Roaming\IObit
2011-09-27 17:25:18 ----D---- C:\Windows\system32\SPReview
2011-09-27 17:22:48 ----D---- C:\Windows\system32\EventProviders

======List of files/folders modified in the last 1 month======

2011-10-20 06:39:18 ----HD---- C:\ProgramData
2011-10-19 20:49:17 ----D---- C:\Windows\Temp
2011-10-19 20:46:17 ----D---- C:\Windows\System32
2011-10-19 20:46:17 ----D---- C:\Windows\inf
2011-10-19 20:46:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-19 20:44:18 ----RD---- C:\Program Files
2011-10-19 20:41:59 ----D---- C:\Windows\system32\config
2011-10-19 20:41:45 ----D---- C:\Windows
2011-10-19 20:41:27 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-10-19 20:35:31 ----D---- C:\Program Files (x86)\CyberLink
2011-10-19 20:35:30 ----D---- C:\ProgramData\CyberLink
2011-10-19 20:35:28 ----SHD---- C:\Windows\Installer
2011-10-19 20:35:06 ----D---- C:\Windows\debug
2011-10-19 20:34:09 ----SHD---- C:\System Volume Information
2011-10-19 20:33:20 ----RD---- C:\Program Files (x86)
2011-10-19 20:30:57 ----D---- C:\Windows\winsxs
2011-10-19 20:28:11 ----D---- C:\Program Files (x86)\FreeTime
2011-10-19 20:27:56 ----D---- C:\Windows\system32\drivers
2011-10-19 20:27:55 ----D---- C:\Windows\system32\DriverStore
2011-10-19 20:27:55 ----D---- C:\Windows\system32\catroot
2011-10-19 20:27:17 ----D---- C:\Program Files (x86)\VDownloader
2011-10-19 20:25:28 ----D---- C:\Windows\Microsoft.NET
2011-10-19 20:25:26 ----RSD---- C:\Windows\assembly
2011-10-19 20:15:43 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-10-19 20:14:54 ----D---- C:\Windows\SYSWOW64\migration
2011-10-19 20:14:54 ----D---- C:\Windows\SysWOW64
2011-10-19 20:14:54 ----D---- C:\Windows\system32\migration
2011-10-19 20:14:54 ----D---- C:\Windows\ehome
2011-10-19 20:14:54 ----D---- C:\Program Files\Internet Explorer
2011-10-19 20:14:54 ----D---- C:\Program Files (x86)\Internet Explorer
2011-10-19 19:57:21 ----SD---- C:\Users\Petra\AppData\Roaming\Microsoft
2011-10-19 19:16:04 ----SD---- C:\ProgramData\Microsoft
2011-10-19 19:13:28 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-10-19 19:12:00 ----A---- C:\Windows\system32\MRT.exe
2011-10-19 19:06:04 ----D---- C:\Windows\system32\catroot2
2011-10-19 19:05:32 ----D---- C:\Program Files (x86)\Microsoft Works
2011-10-19 18:54:42 ----D---- C:\ProgramData\Microsoft Help
2011-10-19 18:54:32 ----D---- C:\Program Files (x86)\Microsoft Office
2011-10-19 18:53:52 ----D---- C:\Windows\system32\FxsTmp
2011-10-19 18:52:30 ----D---- C:\Windows\SHELLNEW
2011-10-19 18:04:29 ----D---- C:\Program Files (x86)\Common Files
2011-10-19 18:04:02 ----D---- C:\Program Files (x86)\Java
2011-10-03 05:06:03 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-10-02 00:02:02 ----D---- C:\Users\Petra\AppData\Roaming\ICQ
2011-09-29 21:26:01 ----D---- C:\Windows\Tasks
2011-09-29 21:26:01 ----D---- C:\Windows\system32\wfp
2011-09-29 21:26:01 ----D---- C:\Windows\system32\wbem
2011-09-29 21:26:01 ----D---- C:\Windows\system32\Tasks
2011-09-29 21:26:00 ----D---- C:\Windows\system32\CodeIntegrity
2011-09-29 21:25:53 ----D---- C:\Windows\registration
2011-09-29 21:21:11 ----D---- C:\Windows\system32\LogFiles
2011-09-28 14:05:16 ----D---- C:\Program Files (x86)\Hewlett-Packard
2011-09-27 19:13:44 ----D---- C:\Windows\Panther
2011-09-27 19:13:34 ----D---- C:\Windows\WindowsMobile
2011-09-27 19:10:41 ----D---- C:\ProgramData\Hewlett-Packard
2011-09-27 18:53:50 ----D---- C:\Windows\Logs
2011-09-27 18:47:18 ----D---- C:\ProgramData\Skype
2011-09-27 18:44:53 ----A---- C:\ProgramData\HPWALog.txt
2011-09-27 18:28:27 ----D---- C:\Windows\SYSWOW64\en-US
2011-09-27 18:28:27 ----D---- C:\Windows\SYSWOW64\cs-CZ
2011-09-27 18:28:27 ----D---- C:\Windows\system32\en-US
2011-09-27 18:28:27 ----D---- C:\Windows\system32\cs-CZ
2011-09-27 18:28:27 ----D---- C:\Windows\PolicyDefinitions
2011-09-27 18:25:29 ----D---- C:\Windows\Prefetch
2011-09-27 18:03:29 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-09-27 18:03:29 ----D---- C:\Program Files (x86)\Windows Portable Devices
2011-09-27 18:03:29 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-09-27 18:03:29 ----D---- C:\Program Files (x86)\Windows Media Player
2011-09-27 18:03:29 ----D---- C:\Program Files (x86)\Windows Mail
2011-09-27 18:03:28 ----D---- C:\Program Files\Windows Sidebar
2011-09-27 18:03:28 ----D---- C:\Program Files\Windows Portable Devices
2011-09-27 18:03:28 ----D---- C:\Program Files\Windows Photo Viewer
2011-09-27 18:03:28 ----D---- C:\Program Files\Windows Media Player
2011-09-27 18:03:28 ----D---- C:\Program Files\Windows Mail
2011-09-27 18:03:28 ----D---- C:\Program Files\DVD Maker
2011-09-27 18:03:27 ----D---- C:\Windows\servicing
2011-09-27 18:03:27 ----D---- C:\Program Files\Windows Defender
2011-09-27 18:03:20 ----D---- C:\Windows\SYSWOW64\oobe
2011-09-27 18:03:20 ----D---- C:\Windows\SYSWOW64\da-DK
2011-09-27 18:03:19 ----D---- C:\Windows\SYSWOW64\Setup
2011-09-27 18:03:19 ----D---- C:\Windows\SYSWOW64\cs
2011-09-27 18:03:19 ----D---- C:\Windows\SYSWOW64\AdvancedInstallers
2011-09-27 18:03:18 ----D---- C:\Windows\SYSWOW64\wbem
2011-09-27 18:03:18 ----D---- C:\Windows\SYSWOW64\sppui
2011-09-27 18:03:18 ----D---- C:\Windows\SYSWOW64\manifeststore
2011-09-27 18:03:18 ----D---- C:\Windows\SYSWOW64\es-ES
2011-09-27 18:03:17 ----D---- C:\Windows\SYSWOW64\migwiz
2011-09-27 18:03:17 ----D---- C:\Windows\SYSWOW64\Dism
2011-09-27 18:03:05 ----D---- C:\Windows\system32\Setup
2011-09-27 18:03:05 ----D---- C:\Windows\system32\oobe
2011-09-27 18:03:05 ----D---- C:\Windows\system32\da-DK
2011-09-27 18:03:05 ----D---- C:\Windows\system32\cs
2011-09-27 18:03:05 ----D---- C:\Windows\system32\AdvancedInstallers
2011-09-27 18:03:04 ----D---- C:\Windows\system32\sppui
2011-09-27 18:03:04 ----D---- C:\Windows\system32\manifeststore
2011-09-27 18:03:04 ----D---- C:\Windows\system32\es-ES
2011-09-27 18:03:03 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-09-27 18:03:02 ----D---- C:\Windows\system32\migwiz
2011-09-27 18:03:02 ----D---- C:\Windows\system32\Dism
2011-09-27 18:02:48 ----RSD---- C:\Windows\Fonts
2011-09-27 18:02:47 ----D---- C:\Windows\AppPatch
2011-09-27 18:02:36 ----D---- C:\Windows\system32\Boot
2011-09-27 18:01:47 ----D---- C:\Windows\system32\drivers\UMDF
2011-09-27 17:48:40 ----D---- C:\Users\Petra\AppData\Roaming\DAEMON Tools Lite
2011-09-27 17:41:02 ----A---- C:\Windows\SYSWOW64\msclmd.dll
2011-09-27 17:41:01 ----A---- C:\Windows\system32\msclmd.dll
2011-09-27 17:34:57 ----D---- C:\ProgramData\Norton

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-12-01 834544]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-09-21 1484800]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-07-24 119312]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-05 6038016]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-09-17 98344]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-09-17 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-09-17 21160]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 18432]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 320560]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S1 fbbmahph;fbbmahph; \??\C:\Windows\system32\drivers\fbbmahph.sys []
S1 fmqbupxy;fmqbupxy; \??\C:\Windows\system32\drivers\fmqbupxy.sys []
S1 khnbkexj;khnbkexj; \??\C:\Windows\system32\drivers\khnbkexj.sys []
S1 lbkkrugq;lbkkrugq; \??\C:\Windows\system32\drivers\lbkkrugq.sys []
S1 mqgdfbwn;mqgdfbwn; \??\C:\Windows\system32\drivers\mqgdfbwn.sys []
S1 opqscxhb;opqscxhb; \??\C:\Windows\system32\drivers\opqscxhb.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 ai96jb4y;ai96jb4y; C:\Windows\system32\drivers\ai96jb4y.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;Ovladač WinUsb; C:\Windows\system32\drivers\WinUSB.SYS [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-05 203264]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-09-04 873248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-07-06 247152]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-03-28 799800]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 135664]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2009-06-06 250616]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 135664]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1255736]

-----------------EOF-----------------

Re: computer check

Posted: 19 Oct 2011 19:59
by vyosek
Hello, and good evening to you :)
p858 wrote: A few viruses were found
Where, how, and with what? :???: :)

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A POWERFUL ABILITY TO DELETE AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE IT CAN WRECK YOUR SYSTEM
:arrow: Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator (Správce) account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
  • Immediately after launch, a page with the license agreement is displayed; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click into the window that appears
  • The scan should take about 10 minutes, but if the PC is heavily clogged up, it may take longer
  • After the scan finishes and a possible restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. screenshots is here: http://www.bleepingcomputer.com/combofi ... t-combofix

Re: computer check

Posted: 19 Oct 2011 20:25
by p858
With what:
Microsoft Security Essentials (there was nothing here before, so I chose this option; is that OK?)
How:
A manually started scan

The computer also "beeps" from time to time. (HP Compaq Presario CQ61-430EC)




ComboFix 11-10-19.06 - Petra 19.10.2011 21:05:27.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3836.2633 [GMT 2:00]
Spuštěný z: c:\users\Petra\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-19 do 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-20 04:39 . 2011-10-20 04:39 -------- d-----w- c:\programdata\Recovery
2011-10-19 19:10 . 2011-10-19 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-19 18:44 . 2011-10-19 18:50 -------- d-----w- c:\program files\trend micro
2011-10-19 18:44 . 2011-10-19 18:44 -------- d-----w- C:\rsit
2011-10-19 18:41 . 2011-10-19 18:41 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A60EE62-63AE-47E7-9540-5DA8FE5A3BF9}\offreg.dll
2011-10-19 16:07 . 2011-09-12 15:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-19 16:07 . 2011-10-06 19:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A60EE62-63AE-47E7-9540-5DA8FE5A3BF9}\mpengine.dll
2011-10-19 16:06 . 2011-10-19 16:06 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39009BD1-FD3A-48C7-9F37-8BD8419709E0}\gapaengine.dll
2011-10-19 16:04 . 2011-10-19 16:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-19 16:03 . 2011-10-19 16:03 -------- d-----w- c:\program files\CCleaner
2011-10-19 16:02 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-19 16:02 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-19 16:02 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-19 16:02 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-19 16:02 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-19 16:02 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-19 16:02 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-19 16:02 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-19 16:02 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-19 15:59 . 2011-10-19 15:59 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-10-19 15:59 . 2011-10-19 15:59 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-01 19:31 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{668FDCB5-C32A-4096-A751-95A11EA99164}\mpengine.dll
2011-09-28 12:06 . 2011-09-28 12:06 -------- d-----w- c:\programdata\AVAST Software
2011-09-27 15:25 . 2011-09-27 15:26 -------- d-----w- c:\users\Petra\AppData\Roaming\IObit
2011-09-27 15:25 . 2011-09-27 15:25 -------- d-----w- c:\windows\system32\SPReview
2011-09-27 15:22 . 2011-09-27 15:22 -------- d-----w- c:\windows\system32\EventProviders
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 03:06 . 2010-07-20 17:09 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-27 15:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-09-27 15:41 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-08 04:51 . 2010-08-30 19:10 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-08-08 04:51 . 2010-08-30 19:10 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\users\Petra\AppData\Local\Seznam.cz\postak.exe" [2010-05-19 462104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 fbbmahph;fbbmahph;c:\windows\system32\drivers\fbbmahph.sys [x]
R1 fmqbupxy;fmqbupxy;c:\windows\system32\drivers\fmqbupxy.sys [x]
R1 khnbkexj;khnbkexj;c:\windows\system32\drivers\khnbkexj.sys [x]
R1 lbkkrugq;lbkkrugq;c:\windows\system32\drivers\lbkkrugq.sys [x]
R1 mqgdfbwn;mqgdfbwn;c:\windows\system32\drivers\mqgdfbwn.sys [x]
R1 opqscxhb;opqscxhb;c:\windows\system32\drivers\opqscxhb.sys [x]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 135664]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 135664]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 21:50]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 21:50]
.
2011-09-25 c:\windows\Tasks\HPCeeScheduleForPetra.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-12 171520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files (x86)\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-10-19 21:12:41
ComboFix-quarantined-files.txt 2011-10-19 19:12
.
Před spuštěním: Volných bajtů: 73 380 917 248
Po spuštění: Volných bajtů: 72 891 445 248
.
- - End Of File - - BA717E0288F13CFB460B965AC84F10CE

Re: computer check

Posted: 19 Oct 2011 20:40
by vyosek
:arrow: MSE is among the fairly good free security solutions

:arrow: If it isn't there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Folder::
    c:\programdata\AVAST Software
    c:\users\Petra\AppData\Roaming\IObit
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"=-
    "Adobe Reader Speed Launcher"=-
    "DivXUpdate"=-
    "SunJavaUpdateSched"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    
    Driver::
    fbbmahph
    fmqbupxy
    khnbkexj
    lbkkrugq
    mqgdfbwn
    opqscxhb
    gupdate
    gupdatem
    
    Collect::
    c:\windows\system32\drivers\fbbmahph.sys
    c:\windows\system32\drivers\fmqbupxy.sys
    c:\windows\system32\drivers\khnbkexj.sys
    c:\windows\system32\drivers\lbkkrugq.sys
    c:\windows\system32\drivers\mqgdfbwn.sys
    c:\windows\system32\drivers\opqscxhb.sys
    
    File::
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\HPCeeScheduleForPetra.job
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it (see the image below)
    Image
  • After the script is applied (and a possible restart), a log will pop up; paste its contents here
:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: computer check

Posted: 19 Oct 2011 20:55
by p858
Everything went through without problems.


ComboFix 11-10-19.06 - Petra 19.10.2011 21:44:19.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3836.2467 [GMT 2:00]
Spuštěný z: c:\users\Petra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petra\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\HPCeeScheduleForPetra.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AVAST Software
c:\programdata\AVAST Software\Avast\aswResp.dat
c:\programdata\AVAST Software\Avast\db1ca7af4c771f988-14388018.dat
c:\programdata\AVAST Software\Avast\db1cafa6556fab818-9ab6b4ef.dat
c:\programdata\AVAST Software\Avast\HtmlData\Blocked.htm
c:\programdata\AVAST Software\Avast\HtmlData\image001.png
c:\programdata\AVAST Software\Avast\chest\00000001
c:\programdata\AVAST Software\Avast\chest\index.xml
c:\programdata\AVAST Software\Avast\Log.db
c:\programdata\AVAST Software\Avast\log\AshWebSv.ws
c:\programdata\AVAST Software\Avast\log\aswAr.log
c:\programdata\AVAST Software\Avast\log\Chest.log
c:\programdata\AVAST Software\Avast\log\Mail.log
c:\programdata\AVAST Software\Avast\log\nshield.log
c:\programdata\AVAST Software\Avast\log\selfdef.log
c:\programdata\AVAST Software\Avast\log\Setup.log
c:\programdata\AVAST Software\Avast\log\usntr.log
c:\programdata\AVAST Software\Avast\report\BehaviorShield.txt
c:\programdata\AVAST Software\Avast\report\EmailShield.txt
c:\programdata\AVAST Software\Avast\report\FileSystemShield.txt
c:\programdata\AVAST Software\Avast\report\IMShield.txt
c:\programdata\AVAST Software\Avast\report\NetworkShield.txt
c:\programdata\AVAST Software\Avast\report\P2PShield.txt
c:\programdata\AVAST Software\Avast\report\ScriptShield.txt
c:\programdata\AVAST Software\Avast\report\WebShield.txt
c:\programdata\AVAST Software\Avast\snx_gconfig.xml
c:\programdata\AVAST Software\Avast\snx_lconfig.xml
c:\programdata\AVAST Software\Avast\sounds\fw_question.wav
c:\programdata\AVAST Software\Avast\sounds\scan_completed.wav
c:\programdata\AVAST Software\Avast\sounds\threat_detected.wav
c:\programdata\AVAST Software\Avast\sounds\virus_db_updated.wav
c:\programdata\AVAST Software\Avast\URL.db
c:\users\Petra\AppData\Roaming\IObit
c:\users\Petra\AppData\Roaming\IObit\Advanced SystemCare V4\AutoSweep.ini
c:\users\Petra\AppData\Roaming\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-09-27(17-30-04).reg
c:\users\Petra\AppData\Roaming\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-09-27(19-11-03).reg
c:\users\Petra\AppData\Roaming\IObit\Advanced SystemCare V4\Ignore.ini
c:\users\Petra\AppData\Roaming\IObit\Advanced SystemCare V4\Log\ASCLog-2011-09-27(17-30-04).txt
c:\users\Petra\AppData\Roaming\IObit\Advanced SystemCare V4\Log\ASCLog-2011-09-27(19-11-03).txt
c:\users\Petra\AppData\Roaming\IObit\Advanced SystemCare V4\Main.ini
c:\users\Petra\AppData\Roaming\IObit\Advanced SystemCare V4\PMonitor\Config.ini
c:\users\Petra\AppData\Roaming\IObit\IObit Malware Fighter\config.ini
c:\users\Petra\AppData\Roaming\IObit\IObit Malware Fighter\ignore.ini
c:\users\Petra\AppData\Roaming\IObit\IObit Malware Fighter\remember.ini
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\HPCeeScheduleForPetra.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_fbbmahph
-------\Service_fmqbupxy
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_khnbkexj
-------\Service_lbkkrugq
-------\Service_mqgdfbwn
-------\Service_opqscxhb
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-19 do 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-20 04:39 . 2011-10-20 04:39 -------- d-----w- c:\programdata\Recovery
2011-10-19 19:49 . 2011-10-19 19:49 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A60EE62-63AE-47E7-9540-5DA8FE5A3BF9}\offreg.dll
2011-10-19 18:44 . 2011-10-19 18:50 -------- d-----w- c:\program files\trend micro
2011-10-19 18:44 . 2011-10-19 18:44 -------- d-----w- C:\rsit
2011-10-19 16:07 . 2011-09-12 15:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-19 16:07 . 2011-10-06 19:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A60EE62-63AE-47E7-9540-5DA8FE5A3BF9}\mpengine.dll
2011-10-19 16:06 . 2011-10-19 16:06 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39009BD1-FD3A-48C7-9F37-8BD8419709E0}\gapaengine.dll
2011-10-19 16:04 . 2011-10-19 16:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-19 16:03 . 2011-10-19 16:03 -------- d-----w- c:\program files\CCleaner
2011-10-19 16:02 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-19 16:02 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-19 16:02 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-19 16:02 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-19 16:02 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-19 16:02 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-19 16:02 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-19 16:02 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-19 16:02 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-19 15:59 . 2011-10-19 15:59 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-10-19 15:59 . 2011-10-19 15:59 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-01 19:31 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{668FDCB5-C32A-4096-A751-95A11EA99164}\mpengine.dll
2011-09-27 15:25 . 2011-09-27 15:25 -------- d-----w- c:\windows\system32\SPReview
2011-09-27 15:22 . 2011-09-27 15:22 -------- d-----w- c:\windows\system32\EventProviders
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 03:06 . 2010-07-20 17:09 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-27 15:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-09-27 15:41 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-08 04:51 . 2010-08-30 19:10 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-08-08 04:51 . 2010-08-30 19:10 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-19_19.10.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:46 . 2011-10-19 19:19 94472 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-02-17 00:21 . 2011-10-19 18:36 4134 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-02-17 00:21 . 2011-10-19 19:49 4134 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-10-19 18:41 . 2011-10-19 18:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-19 19:49 . 2011-10-19 19:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-19 18:41 . 2011-10-19 18:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-19 19:49 . 2011-10-19 19:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-10-19 18:46 618108 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-19 19:22 618108 c:\windows\system32\perfh009.dat
- 2009-12-12 15:20 . 2011-10-19 18:46 633392 c:\windows\system32\perfh005.dat
+ 2009-12-12 15:20 . 2011-10-19 19:22 633392 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2011-10-19 19:22 107388 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-10-19 18:46 107388 c:\windows\system32\perfc009.dat
- 2009-12-12 15:20 . 2011-10-19 18:46 122914 c:\windows\system32\perfc005.dat
+ 2009-12-12 15:20 . 2011-10-19 19:22 122914 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2011-10-19 18:36 358544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-19 19:49 358544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-27 17:15 . 2011-10-19 19:49 607444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2323846351-666326783-1172851540-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\users\Petra\AppData\Local\Seznam.cz\postak.exe" [2010-05-19 462104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-12 171520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"combofix"="c:\combofix\CF21496.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files (x86)\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Celkový čas: 2011-10-19 21:54:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-19 19:54
ComboFix2.txt 2011-10-19 19:12
.
Před spuštěním: Volných bajtů: 72 937 164 800
Po spuštění: Volných bajtů: 72 216 629 248
.
- - End Of File - - 5056AE48E5EC1D04416695C177838682

Re: computer check

Posted: 19 Oct 2011 21:02
by vyosek
How is our patient behaving? :???:

Re: computer check

Posted: 19 Oct 2011 21:08
by p858
Everything looks good, but it still "beeps" now and then. Before, it used to beep fairly often, several times in a row (sometimes 2x, sometimes about 5x). Now it beeps once, occasionally. Otherwise it looks like everything is fine now.

Re: computer check

Posted: 19 Oct 2011 21:17
by p858
But I'll take that problem elsewhere. I'd like to thank you again; I'll support the forum as soon as my paycheck arrives, none of us works for free.
I'd also like to ask how to finish cleaning the PC. I mainly mean the leftovers from ComboFix (last time they thought I had been using it on my own, so I'd rather avoid that..). Can I use T-Cleaner?

Re: computer check

Posted: 19 Oct 2011 21:25
by vyosek
:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may mistakenly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Find problems
  • then Fix problems - I recommend making a registry backup; fix all the problems
  • repeat the procedure until no problems remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: On behalf of the whole team, thank you for supporting the forum :worship:

You're welcome, glad I could help :worship: See you again sometime