System tool - znova :)

[motji]

To není ono , script byl v tom code, to zelené

[Skyro]

Noo, ved to v code som tam aj zadal

[motji]

Fajn, srchast.dll jste si smazal , ten pak ověřím, pro jistotu.


tohle znáte?
C:\users\Sprava\AppData\Roaming\InstallMon.exe

A ještě poprosím o ten mbam

[Skyro]

Ne-e neznam, nepouzivam, mozno som tam nieco take daval, ale urcite to nepouzivam. A na ten druhy idem hned

[motji]

Prosím otestujte to na www.virustotal.com
C:\users\Sprava\AppData\Roaming\InstallMon.exe

[Skyro]

MBAM Log :

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5777

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17. 2. 2011 4:38:41
mbam-log-2011-02-17 (04-38-37).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 424892
Uplynulý čas: 57 minut, 31 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 10

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty v registru:
HKEY_CURRENT_USER\Software\Microsoft\setiasworld (Malware.Trace) -> Value: setiasworld -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> Value: bk -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Qoobox\quarantine\C\Users\Sprava\AppData\Roaming\microsoft\lsass.exe.vir (Backdoor.IRCBot) -> No action taken.
c:\Qoobox\quarantine\C\Users\Sprava\AppData\Roaming\xwhyudsr1ktnkz2kznzqkikcjzvrrfat2\svcnost.exe.vir (Spyware.Passwords.XGen) -> No action taken.
c:\Users\Sprava\AppData\Roaming\index.php (Trojan.Downloader) -> No action taken.
c:\Users\Sprava\AppData\Roaming\kvxocdvqxprddmwydlb1mg3lfqhncdc2\csrss.exe (Malware.Packer.Gen) -> No action taken.
c:\Users\Sprava\Desktop\gta.iv.crack.securom\launchgtaiv.exe (Risktool.Crack) -> No action taken.
d:\Games\porrasturvat - stair dismount\msvcp60.dll (Malware.Packer.Gen) -> No action taken.
d:\Programs\mozilla firefox\update.exe (Malware.Packer.Gen) -> No action taken.
c:\Users\Sprava\AppData\Roaming\microsoft\a1.7z (Trojan.Downloader) -> No action taken.
c:\Users\Sprava\AppData\Roaming\microsoft\n (Malware.Traces) -> No action taken.
c:\Users\Sprava\Desktop\explorer.com (Heuristics.Reserved.Word.Exploit) -> No action taken.

[motji]

V mbamu vše smažte.
Jak je na tom počítač?

[Skyro]

Pocitac je na tom slusne, facebook myslim (fakt len myslim) ze uz neblbne, na ask.com ma uz nehadze, net ide...vyzera to ze v pohode, bude treba este nieco?

//Log po odstraneni cez MBAM

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Verze databáze: 5777

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17. 2. 2011 16:28:41
mbam-log-2011-02-17 (16-28-41).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 424500
Uplynulý čas: 1 hodin, 1 minut, 46 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 10

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_CURRENT_USER\Software\Microsoft\setiasworld (Malware.Trace) -> Value: setiasworld -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> Value: bk -> Quarantined and deleted successfully.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Qoobox\quarantine\C\Users\Sprava\AppData\Roaming\microsoft\lsass.exe.vir (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Users\Sprava\AppData\Roaming\xwhyudsr1ktnkz2kznzqkikcjzvrrfat2\svcnost.exe.vir (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Sprava\AppData\Roaming\index.php (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Sprava\AppData\Roaming\kvxocdvqxprddmwydlb1mg3lfqhncdc2\csrss.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Users\Sprava\Desktop\gta.iv.crack.securom\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
d:\Games\porrasturvat - stair dismount\msvcp60.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\Programs\mozilla firefox\update.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Users\Sprava\AppData\Roaming\microsoft\a1.7z (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Sprava\AppData\Roaming\microsoft\n (Malware.Traces) -> Quarantined and deleted successfully.
c:\Users\Sprava\Desktop\explorer.com (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Virustotal mi vyhodi toto po otestovani InstallMON.exe

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
MD5: 8147dd108b1f429c747e9f798f1a76fb
Date first seen: 2010-07-01 21:12:16 (UTC)
Date last seen: 2010-09-03 06:48:12 (UTC)
Detection ratio: 22/43

What do you wish to do?

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Folder::
c:\Users\Sprava\AppData\Roaming\kvxocdvqxprddmwydlb1mg3lfqhncdc2

Collect::
C:\users\Sprava\AppData\Roaming\InstallMon.exe

Dirlook::
c:\Users\Sprava\AppData\Roaming
c:\Users\Sprava\AppData\Roaming\microsoft

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\users\Sprava\AppData\Roaming\InstallMon.exe"=-

File::
c:\users\Sprava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_setup_9.0.0.722_16.02.2011_00-19.exe.lnk 

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[Skyro]

Log je hotovy, kedze ma 1 063 143 znakov, ho sem nevlozim ani do rana, cize ako ho k Vam dostanem? Uploadnem? (Vyberte si oblubeny server )

[motji]

to mám jako pohádku před spaním,jo?
Tak mi to pošlete na www.leteckaposta.cz. Link vložte zde. A já si jdu hledat kapky do očí .

Jinak s počítačem vše ok?

[Skyro]

http://leteckaposta.cz/433037984

Poprosim o kontrolu toho dlhocizneho logu, asi to bude chciet o trochu silnejsi pc aby sa s tym textom dalo pracovat...

Mimochodom, dakujem Vam za takuto hnusnu robotu, velmi si to cenim

//PC sa chova zatial normalne, iba mi raz vyhodilo ze nemam pravo na zmenu zlozky Desktop ked som chcel nieco stiahnut (som admin pc), ale na druhy pokus to uz slapalo.

[motji]

Než to projdu, poprosím o nový log ze Rsitu .
Pořádně počítač odzkoušejte

[Skyro]

Samozrejmost

Logfile of random's system information tool 1.08 (written by random/random)
Run by Sprava at 2011-02-17 22:20:52
Microsoft Windows 7 Ultimate
System drive C: has 284 MB (1%) free of 34 GB
Total RAM: 2047 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:21:03, on 17. 2. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
D:\Programs\QIP Infium\infium.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Programs\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\explorer.exe
D:\Programs\Mozilla Firefox\firefox.exe
D:\Programs\Mozilla Firefox\plugin-container.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Programs\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Users\Sprava\Desktop\RSIT.exe
C:\Program Files\trend micro\Sprava.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Infium] "D:\Programs\QIP Infium\infium.exe" /autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RGSC] D:\Programs\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - Startup: _uninst_setup_9.0.0.722_16.02.2011_00-19.exe.lnk = Sprava\AppData\Local\Temp\_uninst_setup_9.0.0.722_16.02.2011_00-19.exe.bat
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\Windows\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - D:\Programs\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - D:\Programs\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 5683 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-13 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-11-25 336384]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Infium"=D:\Programs\QIP Infium\infium.exe [2010-03-12 5739472]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"RGSC"=D:\Programs\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
D:\Programs\Alcohol Soft\Alcohol 120\axcmd.exe [2009-09-18 205976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-12-14 47904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
D:\Programs\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe [2007-06-29 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\Windows\FixCamera.exe [2007-02-12 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-22 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
D:\Programs\QIP Infium\infium.exe [2010-03-12 5739472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\Programs\iTunes\iTunesHelper.exe [2010-12-13 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
D:\Programs\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Windows\system32\oodtray.exe [2007-05-11 2512392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
D:\Programs\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp325]
C:\Windows\vsnp325.exe [2006-10-10 827392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Programs\Steam\steam.exe [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp325]
C:\Windows\tsnp325.exe [2006-10-10 270336]

C:\Users\Sprava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
_uninst_setup_9.0.0.722_16.02.2011_00-19.exe.lnk - C:\Users\Sprava\AppData\Local\Temp\_uninst_setup_9.0.0.722_16.02.2011_00-19.exe.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Sprava\AppData\Local\Temp\0.20846286101495237.exe"="C:\Users\Sprava\AppData\Local\Temp\0.20846286101495237.exe:*:Enabled:ldrsoft"
"C:\Users\Sprava\AppData\Roaming\xwhyudsr1ktnkz2kznzqkikcjzvrrfat2\svcnost.exe"="C:\Users\Sprava\AppData\Roaming\xwhyudsr1ktnkz2kznzqkikcjzvrrfat2\svcnost.exe:*:Enabled:ldrsoft"
"C:\Users\Sprava\AppData\Roaming\kvxocdvqxprddmwydlb1mg3lfqhncdc2\csrss.exe"="C:\Users\Sprava\AppData\Roaming\kvxocdvqxprddmwydlb1mg3lfqhncdc2\csrss.exe:*:Enabled:ldrsoft"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-02-17 19:19:50 ----SHD---- C:\$RECYCLE.BIN
2011-02-17 19:19:47 ----D---- C:\Windows\temp
2011-02-17 19:19:16 ----A---- C:\ComboFix.txt
2011-02-17 18:50:55 ----A---- C:\Windows\SWXCACLS.exe
2011-02-16 22:22:10 ----D---- C:\Users\Sprava\AppData\Roaming\Malwarebytes
2011-02-16 22:22:04 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-02-16 22:22:03 ----D---- C:\ProgramData\Malwarebytes
2011-02-16 22:22:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-16 22:22:01 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-02-16 17:08:58 ----A---- C:\Windows\zip.exe
2011-02-16 17:08:58 ----A---- C:\Windows\SWSC.exe
2011-02-16 17:08:58 ----A---- C:\Windows\SWREG.exe
2011-02-16 17:08:58 ----A---- C:\Windows\sed.exe
2011-02-16 17:08:58 ----A---- C:\Windows\PEV.exe
2011-02-16 17:08:58 ----A---- C:\Windows\NIRCMD.exe
2011-02-16 17:08:58 ----A---- C:\Windows\MBR.exe
2011-02-16 17:08:58 ----A---- C:\Windows\grep.exe
2011-02-16 17:08:46 ----D---- C:\Windows\ERDNT
2011-02-16 17:08:44 ----D---- C:\ruka
2011-02-16 17:08:24 ----D---- C:\Qoobox
2011-02-16 01:37:02 ----A---- C:\Windows\ntbtlog.txt
2011-02-15 23:54:11 ----D---- C:\ProgramData\Kaspersky Lab
2011-02-15 23:21:11 ----D---- C:\Program Files\trend micro
2011-02-15 23:21:10 ----D---- C:\rsit
2011-02-15 14:07:59 ----D---- C:\found.000
2011-02-14 15:32:32 ----D---- C:\Program Files\Pontifex
2011-02-14 15:32:15 ----D---- C:\Program Files\Bridge Building Game
2011-02-14 10:12:24 ----D---- C:\Program Files\WinAce
2011-02-03 17:05:50 ----A---- C:\Windows\system32\msvbvm50.dll
2011-02-03 17:05:48 ----A---- C:\Windows\system32\msrpjt40.dll
2011-02-03 17:05:47 ----A---- C:\Windows\system32\insrepim.exe
2011-02-03 17:05:42 ----A---- C:\Windows\system32\mdt2fw95.dll
2011-02-03 17:05:39 ----A---- C:\Windows\system32\rdocurs.dll
2011-02-03 17:05:39 ----A---- C:\Windows\system32\ntwdblib.DLL
2011-02-03 17:05:39 ----A---- C:\Windows\system32\Msrdo20.dll
2011-02-03 17:05:38 ----A---- C:\Windows\system32\DBmsSHRn.dll
2011-02-03 17:05:38 ----A---- C:\Windows\system32\dbmslpcn.dll
2011-02-03 17:05:10 ----A---- C:\Windows\IsUninst.exe
2011-02-03 17:05:06 ----D---- C:\Program Files\Microsoft SQL Server
2011-02-03 17:04:22 ----A---- C:\Windows\IsUn0804.exe
2011-02-02 20:06:07 ----D---- C:\Users\Sprava\AppData\Roaming\GHISLER
2011-02-02 20:06:07 ----D---- C:\totalcmd
2011-02-02 20:06:07 ----A---- C:\Windows\UC.PIF
2011-02-02 20:06:07 ----A---- C:\Windows\RAR.PIF
2011-02-02 20:06:07 ----A---- C:\Windows\PKZIP.PIF
2011-02-02 20:06:07 ----A---- C:\Windows\PKUNZIP.PIF
2011-02-02 20:06:07 ----A---- C:\Windows\NOCLOSE.PIF
2011-02-02 20:06:07 ----A---- C:\Windows\LHA.PIF
2011-02-02 20:06:07 ----A---- C:\Windows\ARJ.PIF
2011-01-29 08:01:51 ----N---- C:\Windows\XIIIHooligans.ini
2011-01-26 17:48:29 ----D---- C:\Users\Sprava\AppData\Roaming\OnLive App
2011-01-26 17:48:10 ----D---- C:\Program Files\OnLive
2011-01-23 19:46:12 ----D---- C:\Program Files\HI-TECH Software
2011-01-22 11:51:58 ----D---- C:\ProgramData\SlySoft
2011-01-20 13:58:03 ----D---- C:\Program Files\Foxit Software

======List of files/folders modified in the last 1 months======

2011-02-17 22:21:03 ----D---- C:\Windows\Prefetch
2011-02-17 22:15:59 ----D---- C:\Users\Sprava\AppData\Roaming\Skype
2011-02-17 19:34:22 ----D---- C:\Users\Sprava\AppData\Roaming\skypePM
2011-02-17 19:19:47 ----AD---- C:\Windows
2011-02-17 19:17:40 ----N---- C:\Windows\system.ini
2011-02-17 19:17:31 ----D---- C:\Windows\system32\drivers\etc
2011-02-17 19:14:41 ----D---- C:\Windows\system32\drivers
2011-02-17 19:14:41 ----D---- C:\Windows\System32
2011-02-17 19:14:40 ----D---- C:\Windows\AppPatch
2011-02-17 19:14:40 ----D---- C:\Program Files\Common Files
2011-02-17 16:45:23 ----D---- C:\Windows\tracing
2011-02-17 16:28:41 ----SD---- C:\Users\Sprava\AppData\Roaming\Microsoft
2011-02-16 22:22:03 ----D---- C:\ProgramData
2011-02-16 22:22:01 ----RD---- C:\Program Files
2011-02-16 20:32:13 ----SHD---- C:\System Volume Information
2011-02-16 19:04:40 ----D---- C:\Windows\srchasst
2011-02-16 18:48:00 ----D---- C:\ProgramData\Alwil Software
2011-02-16 18:46:48 ----D---- C:\Windows\system32\config
2011-02-16 17:23:02 ----D---- C:\Windows\system
2011-02-16 16:26:42 ----D---- C:\Windows\system32\NDF
2011-02-16 14:00:04 ----D---- C:\Users\Sprava\AppData\Roaming\vlc
2011-02-16 13:59:51 ----D---- C:\Windows\inf
2011-02-16 13:59:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-16 12:54:29 ----D---- C:\Windows\system32\LogFiles
2011-02-14 21:38:15 ----D---- C:\Users\Sprava\AppData\Roaming\BitTorrent
2011-02-14 15:06:46 ----D---- C:\Windows\pss
2011-02-06 20:57:07 ----SHD---- C:\Windows\Installer
2011-02-06 20:57:06 ----D---- C:\Config.Msi
2011-02-06 20:55:04 ----RSD---- C:\Windows\assembly
2011-02-06 15:50:47 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-06 09:08:13 ----D---- C:\Windows\system32\catroot2
2011-02-03 17:05:38 ----D---- C:\Program Files\Common Files\microsoft shared
2011-02-03 17:05:15 ----HD---- C:\Program Files\Uninstall Information
2011-01-29 22:42:14 ----D---- C:\Users\Sprava\AppData\Roaming\abgx360
2011-01-26 15:14:07 ----D---- C:\Users\Sprava\AppData\Roaming\dvdcss
2011-01-23 19:46:11 ----D---- C:\Program Files\Common Files\Merge Modules
2011-01-22 11:49:49 ----D---- C:\Windows\system32\Tasks
2011-01-21 23:59:49 ----D---- C:\Windows\system32\oodag

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-03-24 691696]
R1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys [2010-07-03 2911848]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2010-06-25 142992]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2010-06-25 41936]
R2 cvintdrv;cvintdrv; C:\Windows\system32\drivers\cvintdrv.sys [2006-07-27 4096]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-04-24 18048]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 RMCAST;@%SystemRoot%\system32\wshrm.dll,-102; C:\Windows\system32\DRIVERS\RMCAST.sys [2009-07-14 117248]
R3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 catchme;catchme; \??\C:\Users\Sprava\AppData\Local\Temp\catchme.sys []
R3 CLEDX;Team H2O CLEDX service; C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2010-07-13 27632]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-25 111312]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-07-16 278984]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-11-19 100352]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-11-26 6650368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 CFcatchme;CFcatchme; \??\C:\Users\Sprava\AppData\Local\Temp\CFcatchme.sys []
S3 FStarForce;FStarForce; C:\Windows\system32\DRIVERS\FStarForce.sys [2009-07-13 9216]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
S3 GGSAFERDriver;GGSAFER Driver; \??\D:\Programs\Garena\safedrv.sys []
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2009-04-06 25512]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-09-02 25280]
S3 LLRING0;LLRING0; \??\D:\Games\NationMU\NationMU\NationMU Season5 Client\MuGuard\llck3.sys []
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SNP325;USB PC Camera (SNPSTD325); C:\Windows\system32\DRIVERS\snp325.sys [2007-03-07 10260864]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TSP;TSP; \??\C:\Windows\system32\drivers\klif.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-25 100496]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2010-06-25 31632]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-11-26 176128]
R2 AMD Reservation Manager;AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 LkCitadelServer;Lookout Citadel Server; C:\Windows\system32\lkcitdl.exe [2006-06-19 688190]
R2 lkClassAds;National Instruments PSP Server Locator; C:\Windows\system32\lkads.exe [2006-07-25 45056]
R2 lkTimeSync;National Instruments Time Synchronization; C:\Windows\system32\lktsrv.exe [2006-07-25 57344]
R2 MSSQLSERVER;MSSQLSERVER; C:\PROGRA~1\MI3EDC~1\MSSQL\binn\sqlservr.exe [2000-08-17 7442493]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
R2 NIDomainService;National Instruments Domain Service; D:\Programs\National Instruments\Shared\Security\nidmsrv.exe [2006-07-25 200704]
R2 niSvcLoc;NI Service Locator; C:\Windows\system32\nisvcloc.exe [2006-02-06 49152]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2007-05-11 1050120]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-10-29 189248]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 820008]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2000-08-06 65602]
S3 NILM License Manager;NILM License Manager; D:\Programs\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2006-06-27 1007616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\PROGRA~1\MI3EDC~1\MSSQL\binn\sqlagent.exe [2000-08-06 303170]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe [2010-07-03 304528]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-07 867080]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-04 136176]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; D:\Programs\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S4 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-01-05 75064]
S4 StarWindServiceAE;StarWind AE Service; D:\Programs\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-07-02 395048]

-----------------EOF-----------------

[motji]

Vypadá to dobře, ještě to trošku doladíme


Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Uvolněte místo na disku alespon na 4GB
System drive C: has 284 MB (1%) free of 34 GB



spusťte přejmenované HJT C:\Program Files\trend micro\Sprava.exe , má tuto ikonku

- Klikněte na "Do a system scan only"
- U řádku
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - Startup: _uninst_setup_9.0.0.722_16.02.2011_00-19.exe.lnk = Sprava\AppData\Local\Temp\_uninst_setup_9.0.0.722_16.02.2011_00-19.exe.bat

- Dejte fajfku do čtverečku a zmáčkněte Fix checked



Otevřete si Poznámkový blok a zkopírujte do něj text

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Sprava\AppData\Local\Temp\0.20846286101495237.exe"=-
"C:\Users\Sprava\AppData\Roaming\xwhyudsr1ktnkz2kznzqkikcjzvrrfat2\svcnost.exe"=-
"C:\Users\Sprava\AppData\Roaming\kvxocdvqxprddmwydlb1mg3lfqhncdc2\csrss.exe"=-
 

-uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek,
klikněte na uložit, pak na soubor standardně 2X klikněte a potvrďte dialogové okno.
-restartujte počítač



Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?



stáhněte
http://www.slunecnice.cz/sw/crystaldiskinfo/
- spusťte ho a v nabídce zvolte Kopírovat.
-Data ze schránky sem pak vložte pomocí Ctrl+V