Please check ;) Solved

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Please check ;)

Post by zelol » 02 Feb 2013 12:23

Please don't be surprised that I need another log check... Recently it was on a different computer.. :thumbup:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:01, on 2.2.2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Trend Micro\HiJackThis\hijackthis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3225826
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 8334 bytes
CASE: NZXT Source 340 Razer Edition
MB: MSI MPG X570 GAMING EDGE
CPU: AMD Ryzen 5 3600 - Be quiet! Dark Rock 4
RAM: HyperX Predator 16GB DDR4 3333 MHz (Dual)
GPU: MSI RTX 2080 SUPER GAMING X TRIO - Samsung C24FG73 - QLED 24" 144Hz
PSU: Seasonic SS-620GM2 Evo
SSD: Samsung SSD 970 EVO, M.2 - 500GB, Samsung SSD 850 EVO - 250GB
HDD: Seagate Barracuda 7200.14 1TB
SW: Windows 10 Pro 64-bit


Re: Please check ;)

Post by Damned » 02 Feb 2013 13:34

Run HJT (HijackThis), close your browsers, disconnect from the internet and fix (run HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3225826
R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
O3 - Toolbar: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
*****************************************************************************
Download AdwCleaner

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"

After the scan a log appears (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.
Nothing is impossible, which is why, where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localisations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech localisation Wise Registry Cleaner
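The triage Damned does by eye above (orphaned CLSIDs, a hijacked start page, services with no vendor) can be written down as rules. The following is an added example in Python, not code from this thread or from HijackThis, that applies such rules to HijackThis log lines. Assumptions: the host denylist is illustrative (its three entries are the hosts that appear in this thread's logs), and the sample input is quoted from zelol's log above.

```python
import re
from urllib.parse import urlsplit

# Assumption: a small denylist of hosts seen as hijacked start/search pages.
# The three entries are the ones that appear in this thread's logs; extend it
# from your own data.
ADWARE_HOSTS = {"search.conduit.com", "home.sweetim.com", "www.icq.com"}

ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|O\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")


def _host(url):
    """Hostname of a URL, lower-cased; '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def triage_entry(line):
    """Reasons why one HijackThis entry deserves attention ([] means nothing found)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    reasons = []
    # A CLSID or service still registered although its DLL/EXE is gone: the
    # usual leftover of a half-uninstalled toolbar, safe to fix in HJT.
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("orphaned reference")
    # R0/R1 are the IE start page and search URLs; compare their host to the list.
    if kind in ("R0", "R1"):
        for url in URL_RE.findall(body):
            if _host(url) in ADWARE_HOSTS:
                reasons.append("start/search page points to " + _host(url))
    # A service in system32 whose binary carries no vendor string: verify it
    # (signature, hash) before trusting it; legitimate ones exist too.
    if kind == "O23" and "Unknown owner" in body and "\\system32\\" in body.lower():
        reasons.append("service with unknown owner in system32")
    # O10 is a Winsock LSP that HijackThis could not attribute to a known vendor.
    if kind == "O10":
        reasons.append("unattributed Winsock LSP")
    return reasons


def triage_log(text):
    """Apply triage_entry to every line; returns [(kind, reasons, line), ...]."""
    hits = []
    for line in text.splitlines():
        reasons = triage_entry(line)
        if reasons:
            hits.append((line.strip().split(" - ", 1)[0], reasons, line.strip()))
    return hits


# Sample input: lines quoted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3225826
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
"""

if __name__ == "__main__":
    for kind, reasons, line in triage_log(SAMPLE_LOG):
        print(kind, "|", "; ".join(reasons), "|", line[:70])
```

The rules only rank entries for a human; an "Unknown owner" service such as AppleChargerSrv can be a legitimate vendor tool, so each hit still needs the binary checked before anything is fixed.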


Re: Please check ;)

Post by zelol » 02 Feb 2013 17:40

# AdwCleaner v2.109 - Logfile created 02/02/2013 at 17:40:22
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Uzivatel - DAVID
# Boot Mode : Normal
# Running from : C:\Users\Uzivatel\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Uzivatel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Found : C:\Users\Uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\Users\Uzivatel\AppData\Local\APN
Folder Found : C:\Users\Uzivatel\AppData\Local\Conduit
Folder Found : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Folder Found : C:\Users\Uzivatel\AppData\Local\TempDir
Folder Found : C:\Users\Uzivatel\AppData\LocalLow\BitTorrentControl_v12
Folder Found : C:\Users\Uzivatel\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Uzivatel\AppData\LocalLow\Conduit
Folder Found : C:\Users\Uzivatel\AppData\LocalLow\Toolbar4
Folder Found : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\BitTorrentControl_v12
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\BitTorrentControl_v12
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42047D00-814F-4702-B8E1-942A77DB7B31}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3548C35-508A-4731-9186-8233A9C27815}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Found : HKLM\Software\PIP
Key Found : HKU\S-1-5-21-1094803241-788000046-1805994050-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKU\S-1-5-21-1094803241-788000046-1805994050-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKU\S-1-5-21-1094803241-788000046-1805994050-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKU\S-1-5-21-1094803241-788000046-1805994050-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com

-\\ Mozilla Firefox v18.0.1 (cs)

File : C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\gc1oabgz.default-1347702598207\prefs.js

Found : user_pref("CT3225826_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=1[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "BitTorrentControl_v12 Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826[...]
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.seznam.cz/?sourceid=undefined&q=")[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3225826");
Found : user_pref("browser.search.selectedEngine", "BitTorrentControl_v12 Customized Web Search");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&q=&SearchSource=2[...]

-\\ Google Chrome v20.0.1132.47

File : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.11] : homepage = "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48",
Found [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48" ]
Found [l.38] : icon_url = "hxxp://search.conduit.com/fav.ico",
Found [l.41] : keyword = "search.conduit.com",
Found [l.44] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3225826",
Found [l.1671] : homepage = "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48",
Found [l.1966] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [7015 octets] - [02/02/2013 17:40:22]

########## EOF - C:\AdwCleaner[R1].txt - [7075 octets] ##########
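The AdwCleaner log above finds the same Conduit URL in three places per browser: the home page, the startup URLs and the default search provider. As an added example, not code from this thread or from AdwCleaner, here is a Python scan of the two files it read, Chrome's Preferences JSON and Firefox's prefs.js. Assumptions: the denylist is illustrative and contains only search.conduit.com, and the sample inputs are constructed after the log's findings (the log defangs URLs as hxxp; the real files contain http).

```python
import json
import re
from urllib.parse import urlsplit

# Assumption: illustrative denylist; search.conduit.com is the host in this
# thread's AdwCleaner log.
ADWARE_HOSTS = {"search.conduit.com"}

PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<raw>.+)\);$')


def _is_adware_ref(value):
    """True if a string is a URL on a denylisted host, or is such a host bare
    (Chrome stores the search provider keyword as a bare host)."""
    if not isinstance(value, str):
        return False
    try:
        host = (urlsplit(value).hostname or value).lower()
    except ValueError:
        return False
    return host in ADWARE_HOSTS


def scan_chrome_preferences(prefs_json):
    """Walk the whole Preferences JSON rather than a fixed list of keys, so a
    hijack in an unexpected field (e.g. session restore) is also seen.
    Returns [(dotted.json.path, value), ...]."""
    hits = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, child in node.items():
                walk(child, path + [key])
        elif isinstance(node, list):
            for i, child in enumerate(node):
                walk(child, path + [str(i)])
        elif _is_adware_ref(node):
            hits.append((".".join(path), node))

    walk(json.loads(prefs_json), [])
    return hits


def scan_firefox_prefs(prefs_js):
    """Parse user_pref(...) lines of prefs.js / user.js. Flags Conduit's own
    Smartbar.* preferences and any pref whose value points at a denylisted host.
    Returns [(pref_name, value), ...]."""
    hits = []
    for line in prefs_js.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        name, raw = m.group("name"), m.group("raw")
        value = raw[1:-1] if raw.startswith('"') and raw.endswith('"') else raw
        if name.startswith("Smartbar.") or _is_adware_ref(value):
            hits.append((name, value))
    return hits


# Constructed sample inputs, shaped after the AdwCleaner findings in this thread.
SAMPLE_CHROME_PREFS = json.dumps({
    "homepage": "http://search.conduit.com/?ctid=CT3225826&SearchSource=48",
    "session": {
        "restore_on_startup": 4,
        "urls_to_restore_on_startup": [
            "http://search.conduit.com/?ctid=CT3225826&SearchSource=48"
        ],
    },
    "default_search_provider": {
        "keyword": "search.conduit.com",
        "icon_url": "http://search.conduit.com/fav.ico",
        "search_url": "http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3225826",
    },
    "browser": {"show_home_button": True},
})

SAMPLE_FIREFOX_PREFS = r'''
user_pref("Smartbar.ConduitSearchEngineList", "BitTorrentControl_v12 Customized Web Search");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3225826");
user_pref("browser.search.selectedEngine", "BitTorrentControl_v12 Customized Web Search");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&q=&SearchSource=2");
user_pref("browser.startup.homepage_override.mstone", "18.0.1");
'''

if __name__ == "__main__":
    for path, value in scan_chrome_preferences(SAMPLE_CHROME_PREFS):
        print("chrome ", path, "=", value)
    for name, value in scan_firefox_prefs(SAMPLE_FIREFOX_PREFS):
        print("firefox", name, "=", value)
```

Note what the host rule does not catch: the Firefox `browser.search.selectedEngine` value is only an engine name ("BitTorrentControl_v12 Customized Web Search"), so it is recognisable only through the Smartbar.* preferences that define it. AdwCleaner removed the whole `user.js` from the profile for that reason; a scan like this should read both files and the browser should be closed while they are edited, or it writes its in-memory copy back over the change.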


Re: Please check ;)

Post by Damned » 02 Feb 2013 19:07

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Delete"
The program performs the repair; after the automatic restart a log appears (C:\AdwCleaner[S?].txt); paste its entire contents here.
*****************************************************************************
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/ticked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found it will be downloaded and installed; then click OK to start the program
- leave the Quick scan option selected and click the Scan button

If a problem is found:
- when the program finishes a message appears; click OK and then the Show results button
- then choose Save log and save the log to the Desktop
- then click the Exit button; a message appears, choose Yes
- copy the resulting log here
(don't delete anything yet!).

If no problem is found:
- Click the "OK" button and let me know


Re: Please check ;)

Post by zelol » 02 Feb 2013 20:37

# AdwCleaner v2.109 - Logfile created 02/02/2013 at 20:33:22
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Uzivatel - DAVID
# Boot Mode : Normal
# Running from : C:\Users\Uzivatel\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Uzivatel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Deleted : C:\Users\Uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\Uzivatel\AppData\Local\APN
Folder Deleted : C:\Users\Uzivatel\AppData\Local\Conduit
Folder Deleted : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Folder Deleted : C:\Users\Uzivatel\AppData\Local\TempDir
Folder Deleted : C:\Users\Uzivatel\AppData\LocalLow\BitTorrentControl_v12
Folder Deleted : C:\Users\Uzivatel\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Uzivatel\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Uzivatel\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentControl_v12
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\BitTorrentControl_v12
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42047D00-814F-4702-B8E1-942A77DB7B31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3548C35-508A-4731-9186-8233A9C27815}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\Software\PIP
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (cs)

File : C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\gc1oabgz.default-1347702598207\prefs.js

C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\gc1oabgz.default-1347702598207\user.js ... Deleted !

Deleted : user_pref("CT3225826_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "BitTorrentControl_v12 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.seznam.cz/?sourceid=undefined&q=")[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3225826");
Deleted : user_pref("browser.search.selectedEngine", "BitTorrentControl_v12 Customized Web Search");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&q=&SearchSource=2[...]

-\\ Google Chrome v20.0.1132.47

File : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.11] : homepage = "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48",
Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48"[...]
Deleted [l.38] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.41] : keyword = "search.conduit.com",
Deleted [l.44] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3[...]
Deleted [l.1671] : homepage = "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48",
Deleted [l.1966] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48" ]

*************************

AdwCleaner[R1].txt - [7144 octets] - [02/02/2013 17:40:22]
AdwCleaner[S1].txt - [6788 octets] - [02/02/2013 20:33:22]

########## EOF - C:\AdwCleaner[S1].txt - [6848 octets] ##########


Re: Please check ;)

Post by Damned » 02 Feb 2013 20:50

Fine, now MbAM


Re: Please check ;)

Post by zelol » 02 Feb 2013 23:22

Malwarebytes Anti-Malware (Trial version of Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Version: v2013.02.02.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Uzivatel :: DAVID [administrator]

Protection: Enabled

2.2.2013 23:15:44
MBAM-log-2013-02-02 (23-21-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208122
Time elapsed: 5 minutes, 47 seconds

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner.exe (Security.Hijack) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Uzivatel\AppData\Local\temp\trzA5B6.tmp (Trojan.Downloader.Agent) -> No action taken.

(end)
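The Security.Hijack hit in the Malwarebytes log above is worth understanding. A Debugger value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<image>.exe makes Windows start that command, with the original image path as its argument, every time the image is launched; adware and malware use it to block or substitute cleanup tools such as CCleaner. As an added example, not code from this thread or from Malwarebytes, here is a Python check for such values over a `reg export` of that key. Assumptions: the .reg sample is constructed (the log shows only the key name, not what the Debugger value contained), and the debugger path in it is a placeholder.

```python
import re

IFEO_PREFIX = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
               r"\CurrentVersion\Image File Execution Options" + "\\")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Only REG_SZ values written as "name"="data"; dword:/hex: lines are ignored here,
# which is enough because Debugger is always a string.
SZ_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def parse_reg_export(text):
    """Minimal parser for a `reg export` file: {key_path: {name: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group("key")
            keys.setdefault(current, {})
            continue
        vm = SZ_RE.match(line)
        if vm and current is not None:
            # .reg files escape backslashes and double quotes inside string data
            data = vm.group("data").replace('\\"', '"').replace("\\\\", "\\")
            keys[current][vm.group("name")] = data
    return keys


def find_ifeo_debuggers(reg_text):
    """Return [(image_name, debugger_command)] for every IFEO subkey that
    carries a Debugger value, i.e. every program whose launch is redirected."""
    hits = []
    for key, values in parse_reg_export(reg_text).items():
        if key.lower().startswith(IFEO_PREFIX.lower()) and "Debugger" in values:
            image = key[len(IFEO_PREFIX):]
            hits.append((image, values["Debugger"]))
    return hits


# Constructed sample: the CCleaner.exe key is the one named in the log above;
# the Debugger path is a placeholder, the other subkeys are typical benign ones.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner.exe]
"Debugger"="C:\\ProgramData\\redirect_stub.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions]
"mscorwks.dll"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000
'''

if __name__ == "__main__":
    for image, debugger in find_ifeo_debuggers(SAMPLE_REG):
        print("IFEO redirect:", image, "->", debugger)
```

On a live system the input would come from `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg`; that file is UTF-16LE, so open it with `encoding="utf-16"` before passing the text in. Not every Debugger value is hostile (Process Explorer's "Replace Task Manager" option sets one for taskmgr.exe), so treat each hit as something to verify rather than delete on sight.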


Re: Please check ;)

Post by Damned » 02 Feb 2013 23:27

Run MbAM again and click Scan
- when the program finishes a message appears; click OK and then the Show results button
- make sure all listed findings are ticked and click the Remove selected button
- when the removal finishes a log is shown; post it here.
- then click OK in the program and exit it via Exit
*****************************************************************************
Disable the antivirus resident shield.
Download ComboFix (by sUBs) or ComboFix (subs) and save it to your Desktop.
Close all active windows and run it.
- After starting, the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is working, do not click into the window it shows
- After the scan finishes the program should create a log - C:\ComboFix.txt - please paste its entire contents here


Re: Please check ;)

Post by zelol » 03 Feb 2013 10:41

Malwarebytes Anti-Malware (Trial version of Malwarebytes Anti-Malware.) 1.70.0.1100
www.malwarebytes.org

Version: v2013.02.03.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Uzivatel :: DAVID [administrator]

Protection: Enabled

3.2.2013 10:33:13
mbam-log-2013-02-03 (10-33-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208169
Time elapsed: 6 minutes, 30 seconds

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Uzivatel\AppData\Local\temp\trzA5B6.tmp (Trojan.Downloader.Agent) -> Quarantined and deleted successfully.

(end)
CASE: NZXT Source 340 Razer Edition
MB: MSI MPG X570 GAMING EDGE
CPU: AMD Ryzen 5 3600 - Be quiet! Dark Rock 4
RAM: HyperX Predator 16GB DDR4 3333 MHz (Dual)
GPU: MSI RTX 2080 SUPER GAMING X TRIO - Samsung C24FG73 - QLED 24" 144Hz
PSU: Seasonic SS-620GM2 Evo
SSD: Samsung SSD 970 EVO, M.2 - 500GB, Samsung SSD 850 EVO - 250GB
HDD: Seagate Barracuda 7200.14 1TB
SW: Windows 10 Pro 64-bit


Re: Please check ;)

Post by zelol » 03 Feb 2013 10:59

ComboFix 13-02-02.05 - Uzivatel 03.02.2013 10:47:04.3.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3326.1912 [GMT 1:00]
Spuštěný z: c:\users\Uzivatel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-03 do 2013-02-03 )))))))))))))))))))))))))))))))
.
.
2013-02-03 09:52 . 2013-02-03 09:52 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31C80E3C-8859-4ADB-97DE-DC34E63C488D}\offreg.dll
2013-02-02 22:14 . 2013-02-02 22:14 -------- d-----w- c:\programdata\Malwarebytes
2013-02-02 22:14 . 2013-02-02 22:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-02 22:14 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-02 22:14 . 2013-02-02 22:14 -------- d-----w- c:\users\Uzivatel\AppData\Local\Programs
2013-02-01 09:22 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31C80E3C-8859-4ADB-97DE-DC34E63C488D}\mpengine.dll
2013-01-29 16:57 . 2013-01-29 17:02 -------- d-----w- c:\users\Uzivatel\AppData\Roaming\Wise Registry Cleaner
2013-01-29 16:56 . 2013-01-29 16:56 -------- d-----w- c:\program files\Wise
2013-01-29 12:52 . 2013-01-29 12:52 -------- d-----w- c:\users\Uzivatel\AppData\Local\Adobe
2013-01-27 10:22 . 2013-01-27 10:22 -------- d-----w- c:\program files\Common Files\Skype
2013-01-27 10:22 . 2013-01-27 10:22 -------- d-----r- c:\program files\Skype
2013-01-27 10:21 . 2013-01-27 10:21 -------- d-----w- c:\programdata\ATI
2013-01-27 10:21 . 2013-01-27 10:21 -------- d-----w- c:\program files\AMD AVT
2013-01-27 10:21 . 2013-01-27 10:21 -------- d-----w- c:\program files\AMD APP
2013-01-17 15:11 . 2013-01-17 15:11 -------- d-----w- c:\users\Uzivatel\AppData\Local\My Games
2013-01-16 14:44 . 2013-02-02 17:09 138032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-01-16 14:36 . 2013-02-02 17:09 281688 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-01-16 14:36 . 2013-01-16 14:36 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-01-09 14:21 . 2013-01-29 14:42 -------- dc-h--w- c:\programdata\{13F6C219-94FE-48F3-A944-8AD2392D0C1D}
2013-01-09 14:18 . 2013-01-09 14:18 -------- d-----w- c:\users\Uzivatel\AppData\Roaming\Merver
2013-01-09 14:18 . 2013-01-09 14:18 -------- d-----w- c:\users\Uzivatel\AppData\Local\PackageAware
2013-01-09 13:32 . 2012-11-30 04:47 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-06 12:44 . 2013-01-06 12:44 -------- d-----w- c:\users\Uzivatel\AppData\Local\CRE
2013-01-06 11:34 . 2013-01-06 11:43 -------- d-----w- c:\users\Uzivatel\AppData\Roaming\SpieleEntwicklungsKombinat
2013-01-06 11:33 . 2013-01-26 21:36 -------- d-----w- c:\programdata\SpieleEntwicklungsKombinat
2013-01-06 11:32 . 2013-01-06 11:43 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2013-01-06 11:32 . 2013-01-06 11:32 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2013-01-05 17:08 . 2013-01-05 17:08 -------- d-----w- c:\users\Uzivatel\AppData\Local\GHISLER
2013-01-05 17:07 . 2013-01-05 17:07 -------- d-----w- C:\totalcmd
2013-01-05 16:41 . 2013-01-05 16:41 -------- d-----w- c:\program files\VS Revo Group
2013-01-05 13:33 . 2013-01-05 13:33 -------- d-----w- c:\users\Uzivatel\AppData\Local\WB Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-02 17:09 . 2012-01-04 16:16 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-02-02 17:00 . 2011-05-31 17:29 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-01-17 00:28 . 2011-05-30 08:56 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 13:55 . 2012-04-07 08:32 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 13:55 . 2011-05-30 10:07 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-19 20:50 . 2011-01-13 02:30 5630200 ----a-w- c:\windows\system32\atiumdag.dll
2012-12-19 20:47 . 2012-12-19 20:47 9647104 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-19 20:22 . 2012-12-19 20:22 58880 ----a-w- c:\windows\system32\coinst_9.012.dll
2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\system32\aticaldd.dll
2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\system32\atioglxx.dll
2012-12-19 20:09 . 2011-01-13 03:01 960512 ----a-w- c:\windows\system32\aticfx32.dll
2012-12-19 20:06 . 2011-01-13 02:51 6681088 ----a-w- c:\windows\system32\atidxx32.dll
2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-19 19:56 . 2012-12-19 19:56 482304 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-19 19:55 . 2012-12-19 19:55 219136 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-19 19:54 . 2012-12-19 19:54 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-12-19 19:54 . 2012-12-19 19:54 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-12-19 19:44 . 2011-01-13 02:23 4162048 ----a-w- c:\windows\system32\atiumdva.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-12-19 19:32 . 2012-12-19 19:32 442368 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-19 19:31 . 2011-01-13 02:14 109568 ----a-w- c:\windows\system32\atiuxpag.dll
2012-12-19 19:30 . 2011-01-13 02:14 83968 ----a-w- c:\windows\system32\atiu9pag.dll
2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-19 14:45 . 2012-12-19 14:45 180224 ----a-w- c:\windows\system32\clinfo.exe
2012-12-19 14:44 . 2012-12-19 14:44 65536 ----a-w- c:\windows\system32\OpenVideo.dll
2012-12-19 14:44 . 2012-12-19 14:44 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-12-19 14:38 . 2012-12-19 14:38 28732928 ----a-w- c:\windows\system32\amdocl.dll
2012-12-19 14:34 . 2012-12-19 14:34 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-16 14:13 . 2012-12-21 22:10 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:10 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 14:13 . 2012-12-14 14:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-12-14 14:12 . 2011-05-31 17:29 22328 ----a-w- c:\users\Uzivatel\AppData\Roaming\PnkBstrK.sys
2012-11-14 02:09 . 2012-12-12 20:23 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 20:23 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 20:23 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 20:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 20:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 20:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-09 04:42 . 2012-12-12 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-06 11:11 . 2012-11-06 11:11 84992 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2013-01-20 11:55 . 2012-10-20 09:56 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2011-01-12 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2009-08-24 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-01-19 17:08 3477312 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVI]
2007-07-26 13:05 20480 ----a-w- c:\program files\GIGABYTE\ET6\ETcall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [x]
R3 AODDriver;AODDriver;c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [x]
R3 MSICDSetup;MSICDSetup;E:\CDriver.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 13:55]
.
2013-01-31 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-05-30 23:26]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 90.183.115.6 83.167.234.32
FF - ProfilePath - c:\users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\gc1oabgz.default-1347702598207\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1094803241-788000046-1805994050-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c7,75,84,e3,95,e3,c6,fd,89,dc,23,b7,ca,dd,bf,f9,b0,4a,d6,9a,5a,c8,b1,
77,b8,97,3b,26,6a,0a,06,74,2a,66,a4,f4,77,27,4a,fd,df,f8,a1,f3,ec,cf,4c,fc,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-1094803241-788000046-1805994050-1000\Software\SecuROM\License information*]
"datasecu"=hex:d5,66,0e,24,74,a0,ae,85,99,4a,8a,bb,b9,03,d5,37,09,d8,d9,3c,78,
38,35,a3,00,23,12,56,8b,ed,d2,a0,32,b4,4e,a4,c9,7a,fd,5b,89,90,d3,fe,a6,0c,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_USERS\S-1-5-21-1094803241-788000046-1805994050-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\c:\Users\Uzivatel\Desktop\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T17:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T17:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T17:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-1094803241-788000046-1805994050-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\c:\Users\Uzivatel\Desktop\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"2011-10-10T17:42\00GB18030\00GBK\00GB2312\00CP936\00MS936\00windows-936\00MIB: 114\00MIB: 113\00MIB: 2025\00\00"
"qkrcodecs4.dll"=multi:"2011-10-10T17:42\00EUC-KR\00cp949\00MIB: 38\00MIB: -949\00\00"
"qtwcodecs4.dll"=multi:"2011-10-10T17:42\00Big5\00Big5-HKSCS\00Big5-ETen\00CP950\00MIB: 2026\00MIB: 2101\00\00"
.
[HKEY_USERS\S-1-5-21-1094803241-788000046-1805994050-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\users\Uzivatel\Desktop\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpcodecs4.dll"=multi:"40602\000\00Windows msvc release full-config\002011-10-10T17:42\00\00"
"qjpcodecsd4.dll"=multi:"40703\001\00Windows msvc debug full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qkrcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qtwcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_USERS\S-1-5-21-1094803241-788000046-1805994050-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\users\Uzivatel\Desktop\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2013-02-03 10:57:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-02-03 09:57
.
Před spuštěním: Volných bajtů: 372 351 365 120
Po spuštění: Volných bajtů: 372 297 125 888
.
- - End Of File - - 137BD6F645294373526081F9413FDC24

User avatar
Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status: Offline

Re: Please check ;)

Post by Žbeky » 03 Feb 2013 16:13

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script

Code:

KillAll::

DirLook::
c:\programdata\{13F6C219-94FE-48F3-A944-8AD2392D0C1D}

Folder::
c:\program files\Skype\Updater

File::
c:\windows\system32\drivers\EagleXNt.sys
c:\windows\system32\GameMon.des
c:\windows\Tasks\GlaryInitialize.job

Driver::
SkypeUpdate
EagleXNt
npggsvc

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the Desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe, and when the two files overlap, drop the script.

- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process
In PMs I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for your understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules


Re: Please check ;)

Post by zelol » 03 Feb 2013 17:45

ComboFix 13-02-03.02 - Uzivatel 03.02.2013 17:33:54.4.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3326.2064 [GMT 1:00]
Spuštěný z: c:\users\Uzivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Uzivatel\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\drivers\EagleXNt.sys"
"c:\windows\system32\GameMon.des"
"c:\windows\Tasks\GlaryInitialize.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
c:\windows\system32\GameMon.des
c:\windows\Tasks\GlaryInitialize.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EAGLEXNT
-------\Service_EagleXNt
-------\Service_npggsvc
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-03 do 2013-02-03 )))))))))))))))))))))))))))))))
.
.
2013-02-03 16:39 . 2013-02-03 16:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-03 10:02 . 2013-02-03 10:02 -------- d-----w- c:\users\Uzivatel\AppData\Local\AMD
2013-02-03 10:02 . 2013-02-03 10:02 -------- d-----w- c:\users\Uzivatel\AppData\Local\ATI
2013-02-03 09:52 . 2013-02-03 09:52 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31C80E3C-8859-4ADB-97DE-DC34E63C488D}\offreg.dll
2013-02-02 22:14 . 2013-02-02 22:14 -------- d-----w- c:\programdata\Malwarebytes
2013-02-02 22:14 . 2013-02-02 22:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-02 22:14 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-02 22:14 . 2013-02-02 22:14 -------- d-----w- c:\users\Uzivatel\AppData\Local\Programs
2013-02-01 09:22 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31C80E3C-8859-4ADB-97DE-DC34E63C488D}\mpengine.dll
2013-01-29 16:57 . 2013-01-29 17:02 -------- d-----w- c:\users\Uzivatel\AppData\Roaming\Wise Registry Cleaner
2013-01-29 16:56 . 2013-01-29 16:56 -------- d-----w- c:\program files\Wise
2013-01-27 10:22 . 2013-01-27 10:22 -------- d-----w- c:\program files\Common Files\Skype
2013-01-27 10:22 . 2013-02-03 16:38 -------- d-----r- c:\program files\Skype
2013-01-27 10:21 . 2013-01-27 10:21 -------- d-----w- c:\programdata\ATI
2013-01-27 10:21 . 2013-01-27 10:21 -------- d-----w- c:\program files\AMD AVT
2013-01-27 10:21 . 2013-01-27 10:21 -------- d-----w- c:\program files\AMD APP
2013-01-17 15:11 . 2013-01-17 15:11 -------- d-----w- c:\users\Uzivatel\AppData\Local\My Games
2013-01-16 14:44 . 2013-02-03 16:22 138032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-01-16 14:36 . 2013-02-03 16:22 281688 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-01-16 14:36 . 2013-01-16 14:36 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-01-09 14:21 . 2013-01-29 14:42 -------- dc-h--w- c:\programdata\{13F6C219-94FE-48F3-A944-8AD2392D0C1D}
2013-01-09 14:18 . 2013-01-09 14:18 -------- d-----w- c:\users\Uzivatel\AppData\Roaming\Merver
2013-01-09 14:18 . 2013-01-09 14:18 -------- d-----w- c:\users\Uzivatel\AppData\Local\PackageAware
2013-01-09 13:32 . 2012-11-30 04:47 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-06 11:34 . 2013-01-06 11:43 -------- d-----w- c:\users\Uzivatel\AppData\Roaming\SpieleEntwicklungsKombinat
2013-01-06 11:33 . 2013-01-26 21:36 -------- d-----w- c:\programdata\SpieleEntwicklungsKombinat
2013-01-06 11:32 . 2013-01-06 11:43 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2013-01-06 11:32 . 2013-01-06 11:32 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2013-01-05 17:08 . 2013-01-05 17:08 -------- d-----w- c:\users\Uzivatel\AppData\Local\GHISLER
2013-01-05 17:07 . 2013-01-05 17:07 -------- d-----w- C:\totalcmd
2013-01-05 16:41 . 2013-01-05 16:41 -------- d-----w- c:\program files\VS Revo Group
2013-01-05 13:33 . 2013-01-05 13:33 -------- d-----w- c:\users\Uzivatel\AppData\Local\WB Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-03 16:22 . 2012-01-04 16:16 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-02-03 16:16 . 2011-05-31 17:29 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-01-17 00:28 . 2011-05-30 08:56 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 13:55 . 2012-04-07 08:32 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 13:55 . 2011-05-30 10:07 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-19 20:50 . 2011-01-13 02:30 5630200 ----a-w- c:\windows\system32\atiumdag.dll
2012-12-19 20:47 . 2012-12-19 20:47 9647104 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-19 20:22 . 2012-12-19 20:22 58880 ----a-w- c:\windows\system32\coinst_9.012.dll
2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\system32\aticaldd.dll
2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\system32\atioglxx.dll
2012-12-19 20:09 . 2011-01-13 03:01 960512 ----a-w- c:\windows\system32\aticfx32.dll
2012-12-19 20:06 . 2011-01-13 02:51 6681088 ----a-w- c:\windows\system32\atidxx32.dll
2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-19 19:56 . 2012-12-19 19:56 482304 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-19 19:55 . 2012-12-19 19:55 219136 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-19 19:54 . 2012-12-19 19:54 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-12-19 19:54 . 2012-12-19 19:54 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-12-19 19:44 . 2011-01-13 02:23 4162048 ----a-w- c:\windows\system32\atiumdva.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-12-19 19:32 . 2012-12-19 19:32 442368 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-19 19:31 . 2011-01-13 02:14 109568 ----a-w- c:\windows\system32\atiuxpag.dll
2012-12-19 19:30 . 2011-01-13 02:14 83968 ----a-w- c:\windows\system32\atiu9pag.dll
2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-19 14:45 . 2012-12-19 14:45 180224 ----a-w- c:\windows\system32\clinfo.exe
2012-12-19 14:44 . 2012-12-19 14:44 65536 ----a-w- c:\windows\system32\OpenVideo.dll
2012-12-19 14:44 . 2012-12-19 14:44 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-12-19 14:38 . 2012-12-19 14:38 28732928 ----a-w- c:\windows\system32\amdocl.dll
2012-12-19 14:34 . 2012-12-19 14:34 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-16 14:13 . 2012-12-21 22:10 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:10 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 14:13 . 2012-12-14 14:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-12-14 14:12 . 2011-05-31 17:29 22328 ----a-w- c:\users\Uzivatel\AppData\Roaming\PnkBstrK.sys
2012-11-14 02:09 . 2012-12-12 20:23 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 20:23 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 20:23 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 20:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 20:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 20:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-09 04:42 . 2012-12-12 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-06 11:11 . 2012-11-06 11:11 84992 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2013-01-20 11:55 . 2012-10-20 09:56 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\{13F6C219-94FE-48F3-A944-8AD2392D0C1D} ----
.
2013-01-09 14:21 . 2013-01-09 14:21 114 -c--a-w- c:\programdata\{13F6C219-94FE-48F3-A944-8AD2392D0C1D}\instance.dat
2013-01-09 14:21 . 2013-01-09 14:21 0 -c--a-w- c:\programdata\{13F6C219-94FE-48F3-A944-8AD2392D0C1D}\{09274EEE-AE4E-42CF-848A-F8F53759B783}.native.bitness.log
2013-01-09 14:21 . 2013-01-09 14:21 0 -c--a-w- c:\programdata\{13F6C219-94FE-48F3-A944-8AD2392D0C1D}\{09274EEE-AE4E-42CF-848A-F8F53759B783}.native.data.log
2013-01-09 14:21 . 2013-01-09 14:21 0 -c--a-w- c:\programdata\{13F6C219-94FE-48F3-A944-8AD2392D0C1D}\{09274EEE-AE4E-42CF-848A-F8F53759B783}.native.elements.log
2013-01-09 14:21 . 2013-01-09 14:21 0 -c--a-w- c:\programdata\{13F6C219-94FE-48F3-A944-8AD2392D0C1D}\{09274EEE-AE4E-42CF-848A-F8F53759B783}.native.weight.log
2013-01-09 14:21 . 2013-01-09 14:21 0 -c--a-w- c:\programdata\{13F6C219-94FE-48F3-A944-8AD2392D0C1D}\minecraft-version-changer.lnk
2013-01-09 14:21 . 2013-01-09 14:21 633 -c--a-w- c:\programdata\{13F6C219-94FE-48F3-A944-8AD2392D0C1D}\minecraft-version-changer.dat
2013-01-09 14:21 . 2013-01-09 14:21 180 -c--a-w- c:\programdata\{13F6C219-94FE-48F3-A944-8AD2392D0C1D}\minecraft-version-changer.par
2013-01-09 14:21 . 2012-11-15 18:56 583792 -c--a-w- c:\programdata\{13F6C219-94FE-48F3-A944-8AD2392D0C1D}\mia.lib
2013-01-09 14:21 . 2012-11-15 18:56 5206913 -c--a-w- c:\programdata\{13F6C219-94FE-48F3-A944-8AD2392D0C1D}\minecraft-version-changer.res
2013-01-09 14:21 . 2012-11-15 18:56 290816 -c--a-w- c:\programdata\{13F6C219-94FE-48F3-A944-8AD2392D0C1D}\minecraft-version-changer.msi
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2011-01-12 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2009-08-24 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-01-19 17:08 3477312 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVI]
2007-07-26 13:05 20480 ----a-w- c:\program files\GIGABYTE\ET6\ETcall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [x]
R3 AODDriver;AODDriver;c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [x]
R3 MSICDSetup;MSICDSetup;E:\CDriver.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 13:55]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 90.183.115.6 83.167.234.32
FF - ProfilePath - c:\users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\gc1oabgz.default-1347702598207\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1094803241-788000046-1805994050-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c7,75,84,e3,95,e3,c6,fd,89,dc,23,b7,ca,dd,bf,f9,b0,4a,d6,9a,5a,c8,b1,
77,b8,97,3b,26,6a,0a,06,74,2a,66,a4,f4,77,27,4a,fd,df,f8,a1,f3,ec,cf,4c,fc,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-1094803241-788000046-1805994050-1000\Software\SecuROM\License information*]
"datasecu"=hex:d5,66,0e,24,74,a0,ae,85,99,4a,8a,bb,b9,03,d5,37,09,d8,d9,3c,78,
38,35,a3,00,23,12,56,8b,ed,d2,a0,32,b4,4e,a4,c9,7a,fd,5b,89,90,d3,fe,a6,0c,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_USERS\S-1-5-21-1094803241-788000046-1805994050-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\c:\Users\Uzivatel\Desktop\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T17:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T17:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T17:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-1094803241-788000046-1805994050-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\c:\Users\Uzivatel\Desktop\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"2011-10-10T17:42\00GB18030\00GBK\00GB2312\00CP936\00MS936\00windows-936\00MIB: 114\00MIB: 113\00MIB: 2025\00\00"
"qkrcodecs4.dll"=multi:"2011-10-10T17:42\00EUC-KR\00cp949\00MIB: 38\00MIB: -949\00\00"
"qtwcodecs4.dll"=multi:"2011-10-10T17:42\00Big5\00Big5-HKSCS\00Big5-ETen\00CP950\00MIB: 2026\00MIB: 2101\00\00"
.
[HKEY_USERS\S-1-5-21-1094803241-788000046-1805994050-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\users\Uzivatel\Desktop\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpcodecs4.dll"=multi:"40602\000\00Windows msvc release full-config\002011-10-10T17:42\00\00"
"qjpcodecsd4.dll"=multi:"40703\001\00Windows msvc debug full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qkrcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qtwcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_USERS\S-1-5-21-1094803241-788000046-1805994050-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\users\Uzivatel\Desktop\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2013-02-03 17:44:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-02-03 16:44
ComboFix2.txt 2013-02-03 09:57
.
Před spuštěním: Volných bajtů: 372 000 886 784
Po spuštění: Volných bajtů: 372 008 882 176
.
- - End Of File - - FFE3AD4A7B6F4A897E0BA18E406C5CB0
CASE: NZXT Source 340 Razer Edition
MB: MSI MPG X570 GAMING EDGE
CPU: AMD Ryzen 5 3600 - Be quiet! Dark Rock 4
RAM: HyperX Predator 16GB DDR4 3333 MHz (Dual)
GPU: MSI RTX 2080 SUPER GAMING X TRIO - Samsung C24FG73 - QLED 24" 144Hz
PSU: Seasonic SS-620GM2 Evo
SSD: Samsung SSD 970 EVO, M.2 - 500GB, Samsung SSD 850 EVO - 250GB
HDD: Seagate Barracuda 7200.14 1TB
SW: Windows 10 Pro 64-bit