PC po spuštění nereaguje

[UnknowN]

Zdravím. Nevím kam to postnout, tak to píšu sem, jelikož problém s hardwarem to není a může to souviset s nějakým spywarem. Prostě počítač po zapnutí nereaguje na nic. Nejdříve aspoň nabíhaly programy, které mají po spuštění naběhnout (steam, skype...), teď už ani to. Pokud se pokusím kliknout na nějakou aplikaci na ploše, nebo třeba jen kliknu na start, PC zamrzne a začne se jakoby načítat. Nejde ani vypnout, musím ho vypínat vytažením ze zásuvky (na tlačítkou "vypnout" na bedně taky nereaguje, a klasické tlačítko "restart" mi tu vážně chybí). Problémy začali včera, poté co jsem vypnul jednu PC hru pomocí alt + F4. Od té doby přestal jakkoliv pracovat. V nouzovém režimu vše funguje. Obnova systému nepomohla. Projel jsem ho Malwarebytes i Spyware Terminatorem, z čehož Malwarebytes nic neodhalil, ale Terminator mi tam našel 3 spywary. Ze zoufalství jsem je dal všechny odstranit, a ejhle, počítač fungoval. Až do dneška, kdy se po spuštění potíže opakují, a žádný spyware už mi to nehlásí. Nenapadá vás něco?

[Reklama]

[Žbeky]

Vítej na PC-Help.

Pokud nemáš tlačítko restart, tak jej supluje podržení tlačítka vypnout na několik vteřin.

Pokud MbAM nic nenašel, tak najeď do nouzového režimu a udělej toto:
Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[UnknowN]

Zvláštní, počítač zase funguje jako včera. Nicméně mě ty "výpadky" začínají štvát

ComboFix 11-02-23.06 - Pepa 24.02.2011 10:51:49.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.6071.4640 [GMT 1:00]
Spuštěný z: c:\users\Pepa\Downloads\ComboFix.exe
AV: COMODO Antivirus *Disabled/Outdated* {675CEE69-9702-A524-3989-6D7CC8BF3695}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 25
Systém nemůže najít soubor LockedB.
Systém nemůže najít soubor lockedB.
Systém nemůže nalézt uvedenou cestu.
Systém nemůže najít soubor LockedB.
@DO nebyl nyní očekáván.


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\users\Pepa\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Pepa\AppData\Roaming\Desktopicon\uninst.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-24 do 2011-02-24 )))))))))))))))))))))))))))))))
.

2011-02-24 09:57 . 2011-02-24 09:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 17:00 . 2011-02-02 16:10 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49E9DF96-E032-4905-A5B2-C6AB3E250763}\mpengine.dll
2011-02-23 17:00 . 2011-02-02 16:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-02-23 16:51 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 16:51 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 16:51 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-02-23 16:51 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-23 16:51 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 16:51 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-02-23 16:08 . 2011-02-23 16:08 -------- d-----w- c:\program files (x86)\Crawler
2011-02-23 16:08 . 2011-02-24 08:49 -------- d-----w- c:\users\Pepa\AppData\Roaming\Spyware Terminator
2011-02-23 16:08 . 2011-02-24 08:48 -------- d-----w- c:\program files (x86)\Spyware Terminator
2011-02-23 16:08 . 2011-02-23 16:37 -------- d-----w- c:\programdata\Spyware Terminator
2011-02-22 09:38 . 2011-02-22 09:39 -------- d-----w- c:\users\Pepa\AppData\Roaming\Zoner
2011-02-22 09:38 . 2011-02-22 09:38 -------- d-----w- c:\users\Pepa\AppData\Local\Zoner
2011-02-22 09:33 . 2011-02-22 09:33 -------- d-----w- c:\program files\Zoner
2011-02-20 19:13 . 2011-02-20 19:13 -------- d-----w- c:\windows\PCHEALTH
2011-02-20 18:54 . 2011-02-20 18:54 109056 ----a-w- c:\windows\SysWow64\winytj32.rom
2011-02-15 17:16 . 2011-02-15 17:16 -------- d-----w- c:\users\Pepa\AppData\Local\Two Worlds II
2011-02-15 17:13 . 2011-02-15 17:13 -------- d-----w- c:\program files (x86)\Reality Pump
2011-02-06 08:21 . 2011-02-13 17:32 -------- d-----w- c:\users\Pepa\AppData\Local\The Witcher
2011-02-06 08:02 . 2011-02-06 08:18 -------- d-----w- c:\program files (x86)\The Witcher Enhanced Edition
2011-02-06 08:00 . 2011-02-06 08:00 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-16 09:41 . 2010-11-09 15:38 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2011-01-16 09:41 . 2010-11-09 15:38 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2011-01-16 09:41 . 2010-11-09 15:38 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2011-01-14 13:17 . 2011-01-14 13:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-02-24_09.39.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-02-24 09:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-02-24 09:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-02-24 09:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-24 09:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-24 09:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-24 09:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-18 21:32 . 2011-02-24 09:41 57936 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-24 09:41 36096 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-21 11:55 . 2011-02-24 09:41 15838 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-325917854-1318010299-1677025702-1000_UserData.bin
+ 2009-07-14 04:46 . 2011-02-24 09:42 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-03-21 11:56 . 2011-02-24 09:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-21 11:56 . 2011-02-23 21:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-21 11:56 . 2011-02-24 09:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-21 11:56 . 2011-02-23 21:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-24 09:57 . 2011-02-24 09:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-24 09:38 . 2011-02-24 09:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-24 09:38 . 2011-02-24 09:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-24 09:57 . 2011-02-24 09:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-02-24 09:53 615810 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-02-24 08:52 615810 c:\windows\system32\perfh009.dat
- 2010-01-21 04:53 . 2011-02-24 08:52 631054 c:\windows\system32\perfh005.dat
+ 2010-01-21 04:53 . 2011-02-24 09:53 631054 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2011-02-24 09:53 106190 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-02-24 08:52 106190 c:\windows\system32\perfc009.dat
- 2010-01-21 04:53 . 2011-02-24 08:52 121708 c:\windows\system32\perfc005.dat
+ 2010-01-21 04:53 . 2011-02-24 09:53 121708 c:\windows\system32\perfc005.dat
+ 2009-07-14 04:45 . 2011-02-24 09:42 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-02-23 16:56 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-18 39408]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-09-25 328056]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-17 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SpywareTerminatorUpdate"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-02-23 3318784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-11-16 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-13 181480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OOBCPRO\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 135664]
R2 pr2agmlb;Armed Assault Drivers Auto Removal (pr2agmlb);c:\windows\system32\pr2agmlb.exe svc [x]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 pe3agmlb;Armed Assault Environment Driver (pe3agmlb);c:\windows\system32\drivers\pe3agmlb.sys [2007-06-04 73088]
S0 ps6agmlb;Armed Assault Synchronization Driver (ps6agmlb);c:\windows\system32\drivers\ps6agmlb.sys [2007-06-04 77704]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-25 834544]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2010-04-08 19840]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-04-08 233040]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-04-08 33208]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2010-07-07 50696]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

.
Obsah adresáře 'Naplánované úlohy'

2011-02-24 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2010-11-04 10:25]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 12:15]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 12:15]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-08 8041360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60347
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5qf4119l6q
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60347&qkw=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-eBay Icon - c:\users\Pepa\AppData\Roaming\Desktopicon\uninst.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-325917854-1318010299-1677025702-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-325917854-1318010299-1677025702-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Celkový čas: 2011-02-24 11:02:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-24 10:02

Před spuštěním: Volných bajtů: 14 679 941 120
Po spuštění: Volných bajtů: 14 352 945 152

- - End Of File - - CFCB501D5D70DA6363BEA68DC27BCE30


EDIT: Nový problém - klasická windowskovská errorová obrazovka, která hlásí "critical damage", a za 5 sekund se mi PC restartuje, takže jsem ani neměl šanci přečíst její obsah. Stalo se to už včera jednou, jenže jsem tomu nevěnoval pozornost (resp. u PC byla sestra, a ta mi to jen nahlásila), a dneska znovu.

[Speed_dead]

Stačí vypnout automatický restart po chybě.

Ovládací panely - Systém - Upřesnit - Spuštění a zotavení systému - Nastavení - Automaticky restartovat po chybě - odškrtnout

[UnknowN]

A ve Windows 7 se to dá nastavit jak?

[bledulka]

Ahoj,
Odinstaluj Asktoolbar


Pokud nemáš, přesuň Combofix na plochu
-otevři si Poznámkový blok
-Do něj zkopíruj text z tohoto okénka

Kód: Vybrat vše

DDS::
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60347
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5qf4119l6q
mLocal Page = c:\windows\SysWOW64\blank.htm

Firefox::
FF - ProfilePath - c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60347&qkw=
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

Folder::
c:\program files (x86)\ICQ6Toolbar\
c:\program files (x86)\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= -
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Driver::
ICQ Service



-ulož vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchop vytvořený skript levým myšítkem a -přesuň ho nad ikonu Combofixu, kde ho upustíš:




-po aplikaci vypadne další log,vlož ho sem




---------------

Ovládací panely - Systém - Upřesnit nastavení systému - Spuštění a zotavení systému - Nastavení - Automaticky restartovat po chybě - odškrtnout

-po naběhnutí systému by se měla objevit místo restartu modrá obrazovka.
-najdi složku C:\WINDOWS\Minidump
a pokud v ní jsou nějaké soubory, dej je do zipu a pošli na http://www.leteckaposta.cz, link vlož zde.

[UnknowN]

ComboFix 11-02-24.01 - Pepa 24.02.2011 20:01:21.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.6071.4697 [GMT 1:00]
Spuštěný z: c:\users\Pepa\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pepa\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {675CEE69-9702-A524-3989-6D7CC8BF3695}
FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\ICQ6Toolbar\
c:\program files (x86)\ICQ6Toolbar\\config.xml
c:\program files (x86)\ICQ6Toolbar\\Icons.bmp
c:\program files (x86)\ICQ6Toolbar\\ICQ Service.exe
c:\program files (x86)\ICQ6Toolbar\\icq6Toolbar.ico
c:\program files (x86)\ICQ6Toolbar\\ICQToolBar.dll
c:\program files (x86)\ICQ6Toolbar\\ICQUnToolbar.exe
c:\program files (x86)\ICQ6Toolbar\\logo_small.gif
c:\program files (x86)\ICQ6Toolbar\\ServiceStarter.exe
c:\program files (x86)\ICQ6Toolbar\\short.wav
c:\program files (x86)\ICQ6Toolbar\\Version.txt
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitAutoCompleteSearch.js
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitAutoCompleteSearch.xpt
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitToolbar.idl
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitToolbar.js
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\ConduitToolbar.xpt
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.xpt
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.xpt
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults\default_radio_skin.xml
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults\fbAlert.js
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome.manifest
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome\zynga.jar
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\install.rdf
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\lib\xpcom.js
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF\manifest.mf
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF\zigbert.rsa
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF\zigbert.sf
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.gif
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.ico
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.PNG
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.src
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin\conduit.xml
c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\version.txt

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ICQ Service


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-24 do 2011-02-24 )))))))))))))))))))))))))))))))
.

2011-02-24 19:06 . 2011-02-24 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 17:00 . 2011-02-02 16:10 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49E9DF96-E032-4905-A5B2-C6AB3E250763}\mpengine.dll
2011-02-23 17:00 . 2011-02-02 16:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-02-23 16:51 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 16:51 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 16:51 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-02-23 16:51 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-23 16:51 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 16:51 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-02-23 16:08 . 2011-02-23 16:08 -------- d-----w- c:\program files (x86)\Crawler
2011-02-23 16:08 . 2011-02-24 17:25 -------- d-----w- c:\users\Pepa\AppData\Roaming\Spyware Terminator
2011-02-23 16:08 . 2011-02-24 13:00 -------- d-----w- c:\programdata\Spyware Terminator
2011-02-23 16:08 . 2011-02-24 08:48 -------- d-----w- c:\program files (x86)\Spyware Terminator
2011-02-22 09:38 . 2011-02-22 09:39 -------- d-----w- c:\users\Pepa\AppData\Roaming\Zoner
2011-02-22 09:38 . 2011-02-22 09:38 -------- d-----w- c:\users\Pepa\AppData\Local\Zoner
2011-02-22 09:33 . 2011-02-22 09:33 -------- d-----w- c:\program files\Zoner
2011-02-20 19:13 . 2011-02-20 19:13 -------- d-----w- c:\windows\PCHEALTH
2011-02-15 17:16 . 2011-02-15 17:16 -------- d-----w- c:\users\Pepa\AppData\Local\Two Worlds II
2011-02-15 17:13 . 2011-02-15 17:13 -------- d-----w- c:\program files (x86)\Reality Pump
2011-02-06 08:21 . 2011-02-13 17:32 -------- d-----w- c:\users\Pepa\AppData\Local\The Witcher
2011-02-06 08:02 . 2011-02-06 08:18 -------- d-----w- c:\program files (x86)\The Witcher Enhanced Edition
2011-02-06 08:00 . 2011-02-06 08:00 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-16 09:41 . 2010-11-09 15:38 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2011-01-16 09:41 . 2010-11-09 15:38 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2011-01-16 09:41 . 2010-11-09 15:38 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2011-01-14 13:17 . 2011-01-14 13:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-02-24_09.39.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-02-24 09:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-02-24 13:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-02-24 13:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-24 09:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-24 13:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-24 09:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-18 21:32 . 2011-02-24 13:03 58980 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-24 13:16 36104 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-21 11:55 . 2011-02-24 13:16 16032 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-325917854-1318010299-1677025702-1000_UserData.bin
+ 2010-03-21 19:50 . 2011-02-24 13:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-21 19:50 . 2011-02-23 21:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-21 19:50 . 2011-02-24 13:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-21 19:50 . 2011-02-23 21:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-24 13:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-23 21:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-02-24 10:35 80672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-03-21 11:56 . 2011-02-23 21:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-21 11:56 . 2011-02-24 19:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-21 11:56 . 2011-02-23 21:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-21 11:56 . 2011-02-24 19:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-24 09:38 . 2011-02-24 09:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-24 19:07 . 2011-02-24 19:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-24 09:38 . 2011-02-24 09:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-24 19:07 . 2011-02-24 19:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-02-24 08:52 615810 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-02-24 13:19 615810 c:\windows\system32\perfh009.dat
+ 2010-01-21 04:53 . 2011-02-24 13:19 631054 c:\windows\system32\perfh005.dat
- 2010-01-21 04:53 . 2011-02-24 08:52 631054 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-02-24 08:52 106190 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-02-24 13:19 106190 c:\windows\system32\perfc009.dat
+ 2010-01-21 04:53 . 2011-02-24 13:19 121708 c:\windows\system32\perfc005.dat
- 2010-01-21 04:53 . 2011-02-24 08:52 121708 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2011-02-23 21:31 391048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-02-24 19:06 391048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-05-03 19:52 . 2011-02-23 21:31 951896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-325917854-1318010299-1677025702-1000-12288.dat
+ 2010-05-03 19:52 . 2011-02-24 19:06 951896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-325917854-1318010299-1677025702-1000-12288.dat
- 2010-05-16 08:29 . 2011-02-23 21:31 1474832 c:\windows\system32\drivers\sfi.dat
+ 2010-05-16 08:29 . 2011-02-24 18:53 1474832 c:\windows\system32\drivers\sfi.dat
- 2009-07-14 04:45 . 2011-02-23 16:56 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-02-24 09:42 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 02:34 . 2011-02-23 21:30 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-02-24 13:24 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-18 39408]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-09-25 328056]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-17 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SpywareTerminatorUpdate"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-02-23 3318784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-11-16 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-13 181480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SpywareTerminator"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2011-02-23 2557440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OOBCPRO\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 135664]
R2 pr2agmlb;Armed Assault Drivers Auto Removal (pr2agmlb);c:\windows\system32\pr2agmlb.exe svc [x]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 pe3agmlb;Armed Assault Environment Driver (pe3agmlb);c:\windows\system32\drivers\pe3agmlb.sys [2007-06-04 73088]
S0 ps6agmlb;Armed Assault Synchronization Driver (ps6agmlb);c:\windows\system32\drivers\ps6agmlb.sys [2007-06-04 77704]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-25 834544]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2010-04-08 19840]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-04-08 233040]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-04-08 33208]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2010-07-07 50696]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

.
Obsah adresáře 'Naplánované úlohy'

2011-02-24 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2010-11-04 10:25]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 12:15]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 12:15]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF23952.cfxxe" [X]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-08 8041360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
AddRemove-ICQToolbar - c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-325917854-1318010299-1677025702-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-325917854-1318010299-1677025702-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Celkový čas: 2011-02-24 20:11:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-24 19:11
ComboFix2.txt 2011-02-24 10:02

Před spuštěním: 9 831 518 208
Po spuštění: 9 458 216 960

- - End Of File - - B764B1E9BE673B208050221BE779AE73

[Žbeky]

Odinstaluj:
Crawler
Spyware Terminator (štít máš od Comoda)
McAfee Security Scan

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

File::
c:\windows\system32\perfh009.dat
c:\windows\system32\perfc009.dat
c:\windows\system32\perfh005.dat
c:\windows\system32\perfc005.dat
c:\windows\Tasks\Free File Viewer Update Checker.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"ConsentPromptBehaviorUser"=-
"EnableLUA"=-
"EnableUIADesktopToggle"=-
"PromptOnSecureDesktop"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[UnknowN]

Crawler a McAffee odinstalovány, Terminator má stejně vyplou rezidentní ochranu, používám ho jen na scan.
Zároveň bych chtěl napsat, že PC zatím funguje, ale zajímalo by mě, co ty potíže způsobilo, protože nevím, jestli se nebudou opakovat. A také my mezitím Malwarebytes našel jeden zatracenej BackDoor, už je odstraněnej. Nevím jestli s tím souhlasí.
Log:
ComboFix 11-02-24.01 - Pepa 24.02.2011 21:16:10.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.6071.4447 [GMT 1:00]
Spuštěný z: c:\users\Pepa\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pepa\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {675CEE69-9702-A524-3989-6D7CC8BF3695}
FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfc009.dat"
"c:\windows\system32\perfh005.dat"
"c:\windows\system32\perfh009.dat"
"c:\windows\Tasks\Free File Viewer Update Checker.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\Free File Viewer Update Checker.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-24 do 2011-02-24 )))))))))))))))))))))))))))))))
.

2011-02-24 20:21 . 2011-02-24 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-24 20:13 . 2011-02-24 20:14 -------- d-----w- C:\32788R22FWJFW.0.tmp
2011-02-23 17:00 . 2011-02-02 16:10 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49E9DF96-E032-4905-A5B2-C6AB3E250763}\mpengine.dll
2011-02-23 17:00 . 2011-02-02 16:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-02-23 16:51 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 16:51 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 16:51 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-02-23 16:51 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-23 16:51 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 16:51 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-02-23 16:08 . 2011-02-24 17:25 -------- d-----w- c:\users\Pepa\AppData\Roaming\Spyware Terminator
2011-02-23 16:08 . 2011-02-24 13:00 -------- d-----w- c:\programdata\Spyware Terminator
2011-02-23 16:08 . 2011-02-24 08:48 -------- d-----w- c:\program files (x86)\Spyware Terminator
2011-02-22 09:38 . 2011-02-22 09:39 -------- d-----w- c:\users\Pepa\AppData\Roaming\Zoner
2011-02-22 09:38 . 2011-02-22 09:38 -------- d-----w- c:\users\Pepa\AppData\Local\Zoner
2011-02-22 09:33 . 2011-02-22 09:33 -------- d-----w- c:\program files\Zoner
2011-02-20 19:13 . 2011-02-20 19:13 -------- d-----w- c:\windows\PCHEALTH
2011-02-15 17:16 . 2011-02-15 17:16 -------- d-----w- c:\users\Pepa\AppData\Local\Two Worlds II
2011-02-15 17:13 . 2011-02-15 17:13 -------- d-----w- c:\program files (x86)\Reality Pump
2011-02-06 08:21 . 2011-02-13 17:32 -------- d-----w- c:\users\Pepa\AppData\Local\The Witcher
2011-02-06 08:02 . 2011-02-06 08:18 -------- d-----w- c:\program files (x86)\The Witcher Enhanced Edition
2011-02-06 08:00 . 2011-02-06 08:00 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-16 09:41 . 2010-11-09 15:38 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2011-01-16 09:41 . 2010-11-09 15:38 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2011-01-16 09:41 . 2010-11-09 15:38 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2011-01-14 13:17 . 2011-01-14 13:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-02-24_09.39.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-02-24 09:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-02-24 13:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-02-24 13:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-24 09:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-24 13:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-24 09:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-18 21:32 . 2011-02-24 20:12 59108 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-24 20:12 36104 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-21 11:55 . 2011-02-24 20:12 16268 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-325917854-1318010299-1677025702-1000_UserData.bin
+ 2010-03-21 19:50 . 2011-02-24 20:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-21 19:50 . 2011-02-23 21:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-21 19:50 . 2011-02-24 20:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-21 19:50 . 2011-02-23 21:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-24 20:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-23 21:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-02-24 10:35 80672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-03-21 11:56 . 2011-02-23 21:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-21 11:56 . 2011-02-24 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-21 11:56 . 2011-02-23 21:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-21 11:56 . 2011-02-24 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-24 09:38 . 2011-02-24 09:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-24 20:22 . 2011-02-24 20:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-24 09:38 . 2011-02-24 09:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-24 20:22 . 2011-02-24 20:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-02-24 08:52 615810 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-02-24 20:16 615810 c:\windows\system32\perfh009.dat
+ 2010-01-21 04:53 . 2011-02-24 20:16 631054 c:\windows\system32\perfh005.dat
- 2010-01-21 04:53 . 2011-02-24 08:52 631054 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-02-24 08:52 106190 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-02-24 20:16 106190 c:\windows\system32\perfc009.dat
+ 2010-01-21 04:53 . 2011-02-24 20:16 121708 c:\windows\system32\perfc005.dat
- 2010-01-21 04:53 . 2011-02-24 08:52 121708 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2011-02-23 21:31 391048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-02-24 20:22 391048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-05-03 19:52 . 2011-02-23 21:31 951896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-325917854-1318010299-1677025702-1000-12288.dat
+ 2010-05-03 19:52 . 2011-02-24 20:22 951896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-325917854-1318010299-1677025702-1000-12288.dat
- 2010-05-16 08:29 . 2011-02-23 21:31 1474832 c:\windows\system32\drivers\sfi.dat
+ 2010-05-16 08:29 . 2011-02-24 20:10 1474832 c:\windows\system32\drivers\sfi.dat
- 2009-07-14 04:45 . 2011-02-23 16:56 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-02-24 09:42 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 02:34 . 2011-02-23 21:30 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-02-24 19:18 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-18 39408]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-09-25 328056]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-17 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SpywareTerminatorUpdate"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-02-23 3318784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-11-16 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-13 181480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SpywareTerminator"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2011-02-23 2557440]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OOBCPRO\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 135664]
R2 pr2agmlb;Armed Assault Drivers Auto Removal (pr2agmlb);c:\windows\system32\pr2agmlb.exe svc [x]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 pe3agmlb;Armed Assault Environment Driver (pe3agmlb);c:\windows\system32\drivers\pe3agmlb.sys [2007-06-04 73088]
S0 ps6agmlb;Armed Assault Synchronization Driver (ps6agmlb);c:\windows\system32\drivers\ps6agmlb.sys [2007-06-04 77704]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-25 834544]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2010-04-08 19840]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-04-08 233040]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-04-08 33208]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2010-07-07 50696]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-08 8041360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Pepa\AppData\Roaming\Mozilla\Firefox\Profiles\kgf9z25b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-325917854-1318010299-1677025702-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-325917854-1318010299-1677025702-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Comodo\COMODO Internet Security\cmdinstall.exe
.
**************************************************************************
.
Celkový čas: 2011-02-24 21:26:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-24 20:26
ComboFix2.txt 2011-02-24 19:11
ComboFix3.txt 2011-02-24 10:02

Před spuštěním: 9 584 271 360
Po spuštění: 9 498 361 856

- - End Of File - - 100F08D57029B6F3B5A3B87EEADE2464

[Žbeky]

Kde byl ten Backdoor? Nedělej další scany v průběhu čištění!
Ten Spyware terminator je naprosto zbytečný, máš tam Comodo i Windows Defender.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Folder::
C:\32788R22FWJFW.0.tmp

Driver::
pr2agmlb

File::
c:\windows\system32\pr2agmlb.exe

DDS::
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu