Hello,
could someone take a look at the log from my PC?
Thanks
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:37:48, on 24.6.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
F:\Programy(x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
F:\Programy(x86)\QIP Infium\infium.exe
F:\Programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Users\CZechBoY\Desktop\sfbot\sfBot.exe
E:\WPE\WPE PRO.exe
F:\Programy(x86)\Winamp\winamp.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\CZechBoY\Desktop\new server\ServerJabko2.exe
F:\Programy(x86)\Mozilla Firefox\firefox.exe
F:\Programy(x86)\Mozilla Firefox\plugin-container.exe
F:\Programy(x86)\Opera\opera.exe
F:\Programy(x86)\PSPad editor\PSPad.exe
C:\Users\CZechBoY\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - F:\Programy(x86)\GetRight\xx2gr.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - F:\Programy(x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O4 - HKLM\..\Run: [avgnt] "F:\Programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "F:\Programy(x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Infium] "F:\Programy(x86)\QIP Infium\infium.exe" /autorun
O8 - Extra context menu item: Download with GetRight - F:\Programy(x86)\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\Programy\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - F:\Programy(x86)\GetRight\GRbrowse.htm
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://F:\Programy(x86)\Desktop Sidebar\sbhelp.dll/menuhandler.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{2038154B-2980-46B6-B116-3AA4AF93D7AF}: NameServer = 10.0.0.100,10.0.0.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E509714-6D82-46A5-88A5-B2A714A244E0}: NameServer = 10.0.0.100,10.0.0.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - F:\Programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - F:\Programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Fax - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - F:\Programy(x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - F:\Programy(x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: Zjišťování interaktivních služeb (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Služba Windows Media Player Network Sharing (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)
--
End of file - 7834 bytes
[HJT] Preventive check (Solved)
- CZechBoY
- Master Level 9.5
- Posts: 8813
- Registered: August 08
- Location: Brno
- Gender:
- Status: Offline
- Contact:
[HJT] Preventive check
PHP, Nette, MySQL, C#, TypeScript, Python
IntelliJ Idea, Docker, Opera browser, Linux Mint
iPhone XS
Raspberry PI 3 (KODI, Raspbian)
XBox One S, PS 4, nVidia GeForce NOW
Re: [HJT] Preventive check
Hi,
what problem are you having with the computer?
- CZechBoY
Re: [HJT] Preventive check
is the log clean?
I don't know whether it's some junk or scheduled tasks, but occasionally my CPU usage climbs, to the point that Winamp freezes for a moment
if it's fine, I'll leave it be and buy some C2Q
- Žbeky
- Moderator
- Guru Level 13
- Posts: 22288
- Registered: May 08
- Location: Vsetín - Pardubice
- Gender:
- Status: Offline
Re: [HJT] Preventive check
The log really does look clean. But just to be sure:
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the program finishes, a message will appear, so click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes (Ano)
(don't delete anything yet!).
Then paste the contents of that log here.
In private messages I only handle matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
- CZechBoY
Re: [HJT] Preventive check
in ATF I can't click on either Opera or Firefox, I have both installed
- Žbeky
Re: [HJT] Preventive check
Then forget about it and do it with CCleaner, for example
- CZechBoY
Re: [HJT] Preventive check
I have TuneUp
Malwarebytes' Anti-Malware 1.51.0.1200
http://www.malwarebytes.org
Verze databáze: 6948
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
25.6.2011 19:09:04
mbam-log-2011-06-25 (19-09-00).txt
Typ: Rychlá kontrola
Kontrolované objekty: 207487
Uplynulý čas: 2 minut, 13 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> No action taken.
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

- Žbeky
Re: [HJT] Preventive check
- So run MbAM again and click Scan
- when the program finishes, a message will appear, so click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed, so post it here.
- then choose OK in the program and close the program via Exit
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is being applied, do not click in the window that is displayed
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan there is a problem launching applications, or a message pops up about an attempt to perform an invalid operation on a registry key that is marked for deletion, simply restart the computer.
- CZechBoY
Re: [HJT] Preventive check
ComboFix 11-06-25.05 - CZechBoY 26.06.2011 1:30.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4094.1972 [GMT 2:00]
Spuštěný z: c:\users\CZechBoY\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wpe pro.INI
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-25 do 2011-06-25 )))))))))))))))))))))))))))))))
.
.
2011-06-25 23:33 . 2011-06-25 23:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-25 23:33 . 2011-06-25 23:33 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2011-06-25 23:29 . 2011-06-25 23:29 -------- d-----w- C:\32788R22FWJFW
2011-06-25 21:21 . 2011-06-25 21:21 -------- d-----w- c:\users\CZechBoY\AppData\Local\{3C70FB89-BFEB-40AC-B03D-A8FDD4B8007B}
2011-06-25 09:20 . 2011-06-25 09:20 -------- d-----w- c:\users\CZechBoY\AppData\Local\{74B38FE6-49BD-4061-AEBC-8599F4DBE2E1}
2011-06-24 21:19 . 2011-06-24 21:20 -------- d-----w- c:\users\CZechBoY\AppData\Local\{B8D65359-CE8A-4092-950E-D6DDFA07B6F8}
2011-06-24 09:18 . 2011-06-24 09:19 -------- d-----w- c:\users\CZechBoY\AppData\Local\{19A1D647-D7E4-4291-AC3D-21D572AFCC15}
2011-06-23 21:17 . 2011-06-23 21:18 -------- d-----w- c:\users\CZechBoY\AppData\Local\{573B1DC2-F347-4C63-96B6-52F56C35C018}
2011-06-23 09:15 . 2011-06-23 09:16 -------- d-----w- c:\users\CZechBoY\AppData\Local\{ABE28245-25F4-45A1-A5DB-EEDB66B43350}
2011-06-22 21:14 . 2011-06-22 21:15 -------- d-----w- c:\users\CZechBoY\AppData\Local\{D1A5AC0B-4093-4D11-A011-C8C037F9A093}
2011-06-22 14:31 . 2011-06-22 14:31 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-06-22 14:31 . 2009-04-30 23:02 559640 ----a-w- c:\windows\system32\LVUIRC64.dll
2011-06-22 14:31 . 2009-04-30 23:02 539160 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2011-06-22 14:31 . 2009-04-30 23:02 764952 ----a-w- c:\windows\system32\LVUI64.dll
2011-06-22 14:31 . 2011-06-22 14:31 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-06-22 14:31 . 2009-04-30 23:02 539160 ----a-w- c:\windows\SysWow64\LVUI2.dll
2011-06-22 14:31 . 2009-04-30 22:57 266776 ----a-w- c:\windows\system32\lvco1201278.dll
2011-06-22 14:31 . 2009-04-30 22:57 398360 ----a-w- c:\windows\system32\lvcod64.dll
2011-06-22 14:31 . 2009-04-30 22:57 416280 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2011-06-22 14:31 . 2009-04-30 22:56 588952 ----a-w- c:\windows\system32\drivers\LV561V64.sys
2011-06-22 09:57 . 2011-06-22 09:58 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\Seeing Machines
2011-06-22 09:57 . 2011-06-22 09:57 -------- d-----w- c:\programdata\Seeing Machines
2011-06-22 09:57 . 2011-06-22 09:57 -------- d-----w- c:\windows\Downloaded Installations
2011-06-22 09:44 . 2011-06-22 09:44 -------- d-----w- c:\windows\system32\appmgmt
2011-06-22 09:14 . 2011-06-22 09:14 -------- d-----w- c:\users\CZechBoY\AppData\Local\{E694112C-C171-453F-A8C1-CCB1993674F7}
2011-06-21 21:13 . 2011-06-21 21:14 -------- d-----w- c:\users\CZechBoY\AppData\Local\{98B0C00A-DC8B-4032-B9AE-063F68D0086E}
2011-06-21 09:12 . 2011-06-21 09:13 -------- d-----w- c:\users\CZechBoY\AppData\Local\{ABB37429-B1BD-46DB-B56F-8864AA260F5B}
2011-06-20 21:12 . 2011-06-20 21:12 -------- d-----w- c:\users\CZechBoY\AppData\Local\{F512B8AC-673A-4587-A319-8C96A5182ABD}
2011-06-20 18:52 . 2011-06-20 18:52 -------- d-----w- c:\users\CZechBoY\AppData\Local\assembly
2011-06-20 18:52 . 2011-06-20 18:52 -------- d-----w- c:\users\CZechBoY\AppData\Local\Apps
2011-06-19 21:09 . 2011-06-20 09:11 -------- d-----w- c:\users\CZechBoY\AppData\Local\{9070C2FF-691D-4B68-9BBA-406A38CBAE1F}
2011-06-16 19:11 . 2011-02-18 21:05 237056 ----a-w- c:\windows\SysWow64\ssleay32.dll
2011-06-16 19:11 . 2011-02-18 21:05 237056 ----a-w- c:\windows\SysWow64\libssl32.dll
2011-06-16 19:11 . 2011-02-18 21:05 1099776 ----a-w- c:\windows\SysWow64\libeay32.dll
2011-06-16 17:41 . 2011-06-16 17:42 -------- d-----w- c:\users\CZechBoY\Cropped
2011-06-16 16:20 . 2011-06-16 17:47 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\Feedreader
2011-06-16 00:06 . 2011-04-23 01:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 10:41 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 10:41 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 10:41 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 10:41 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 10:41 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 10:41 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 10:41 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys
2011-06-15 10:40 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 10:40 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 10:40 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 10:40 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 10:40 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 10:40 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 10:40 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-15 06:00 . 2011-06-15 06:00 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-06-15 05:58 . 2011-06-15 05:58 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-06-15 05:57 . 2011-06-25 17:45 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-06-15 05:56 . 2011-06-25 17:45 -------- d-----w- c:\users\CZechBoY\AppData\Local\Adobe
2011-06-15 01:42 . 2011-06-15 13:45 -------- d-----w- c:\users\CZechBoY\AppData\Local\{A7762C89-7E4D-4087-8B3C-827DB84D6A40}
2011-06-10 13:37 . 2011-06-14 13:42 -------- d-----w- c:\users\CZechBoY\AppData\Local\{4ABF81ED-D28B-423B-8DD6-BB04C2D879F4}
2011-06-07 12:34 . 2011-06-07 13:04 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\MonoDevelop-Unity
2011-06-05 01:10 . 2011-06-10 01:16 -------- d-----w- c:\users\CZechBoY\AppData\Local\{8E1C438C-88C2-4EBC-881F-EFB9A61F7BAD}
2011-06-02 15:49 . 2011-06-16 09:01 -------- d--h--w- c:\program files (x86)\Temp
2011-06-02 15:35 . 2011-06-02 15:35 -------- d-----w- c:\program files (x86)\GIGABYTE
2011-06-02 15:24 . 2011-05-16 20:55 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-06-02 15:24 . 2011-05-16 20:55 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-06-02 15:24 . 2011-05-16 20:55 533096 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-06-02 15:24 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difxa471.rra
2011-06-02 15:23 . 2011-06-02 15:24 -------- d-----w- c:\windows\RaidTool
2011-06-02 15:22 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-06-02 15:22 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-06-02 15:22 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-06-02 15:22 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-06-02 15:22 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-06-02 15:22 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-06-02 15:22 . 2011-06-02 15:22 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-06-02 15:22 . 2011-06-02 15:22 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-06-02 15:18 . 2011-06-02 15:18 -------- d-----w- C:\Intel
2011-06-02 01:01 . 2011-06-04 13:09 -------- d-----w- c:\users\CZechBoY\AppData\Local\{1E76BFC6-3507-4E0F-8E69-9AB69C27DB9C}
2011-06-01 12:59 . 2011-06-01 13:01 -------- d-----w- c:\users\CZechBoY\AppData\Local\{CE43784C-FF64-4075-A00D-994FB98E2BAE}
2011-06-01 10:58 . 2011-06-01 10:58 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\Wireshark
2011-06-01 05:59 . 2011-06-01 05:59 -------- d-----w- c:\users\admin
2011-05-31 00:54 . 2011-06-01 00:58 -------- d-----w- c:\users\CZechBoY\AppData\Local\{0C9E0FB0-6802-4B92-871B-F45163EB0D46}
2011-05-30 15:30 . 2011-06-15 05:23 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-30 12:52 . 2011-05-30 12:54 -------- d-----w- c:\users\CZechBoY\AppData\Local\{578811DB-84FA-4D6A-B160-BF466DF41B02}
2011-05-30 00:51 . 2011-05-30 00:51 -------- d-----w- c:\users\CZechBoY\AppData\Local\{BE9D9D6E-B892-4C70-88F1-4B7B1A79139C}
2011-05-29 12:48 . 2011-05-29 12:48 -------- d-----w- c:\users\CZechBoY\AppData\Local\{BFCF3F7A-3EDB-47B6-90F7-B9FC7CE84C03}
2011-05-29 08:34 . 2011-05-29 08:34 -------- d-----w- c:\programdata\Hewlett-Packard
2011-05-29 08:34 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-05-29 00:47 . 2011-05-29 00:47 -------- d-----w- c:\users\CZechBoY\AppData\Local\{1FC90F19-9FC7-4084-AD7B-A3A595276F69}
2011-05-28 12:46 . 2011-05-28 12:46 -------- d-----w- c:\users\CZechBoY\AppData\Local\{033F3706-A854-41BF-9980-9D5321C31B11}
2011-05-28 00:45 . 2011-05-28 00:46 -------- d-----w- c:\users\CZechBoY\AppData\Local\{21EF22DC-E35F-498C-B748-F1568215C76D}
2011-05-27 12:45 . 2011-05-27 12:45 -------- d-----w- c:\users\CZechBoY\AppData\Local\{DF295844-5F97-4807-B684-25A53EF746BF}
2011-05-27 07:08 . 2011-05-27 08:14 -------- d-----w- c:\users\Server
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 00:05 . 2010-10-14 08:57 1835744 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-06-02 15:50 . 2010-10-13 15:33 25640 ----a-w- c:\windows\gdrv.sys
2011-05-29 07:11 . 2010-12-08 15:25 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-12-08 15:25 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 15:58 . 2010-10-13 15:33 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-05-04 23:28 . 2011-05-04 23:28 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-05-04 23:27 . 2011-05-04 23:27 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-05-04 05:54 . 2011-05-04 05:56 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-04-20 02:44 . 2011-04-20 02:44 9319936 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 02:30 . 2011-04-20 02:30 22900736 ----a-w- c:\windows\system32\atio6axx.dll
2011-04-20 02:09 . 2011-04-20 02:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 02:09 . 2010-08-26 02:01 676864 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-04-20 02:07 . 2011-03-09 04:55 795648 ----a-w- c:\windows\system32\aticfx64.dll
2011-04-20 02:07 . 2011-04-20 02:07 17693184 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-04-20 02:05 . 2011-03-09 04:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:04 . 2011-04-20 02:04 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 02:04 . 2011-04-20 02:04 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 02:03 . 2011-04-20 02:03 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-04-20 02:02 . 2011-03-09 04:51 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-04-20 02:02 . 2011-04-20 02:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-04-20 02:02 . 2011-04-20 02:02 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 02:02 . 2011-04-20 02:02 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-04-20 02:02 . 2011-04-20 02:02 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-04-20 01:59 . 2010-08-26 01:52 4161536 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-04-20 01:49 . 2011-04-20 01:49 4951552 ----a-w- c:\windows\system32\atidxx64.dll
2011-04-20 01:46 . 2011-04-20 01:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-04-20 01:46 . 2011-04-20 01:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-04-20 01:46 . 2011-04-20 01:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-04-20 01:46 . 2011-04-20 01:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-04-20 01:45 . 2011-04-20 01:45 7768064 ----a-w- c:\windows\system32\aticaldd64.dll
2011-04-20 01:42 . 2011-04-20 01:42 6389760 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-04-20 01:40 . 2011-04-20 01:40 1222656 ----a-w- c:\windows\system32\atiumd6v.dll
2011-04-20 01:40 . 2011-04-20 01:40 1923584 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-04-20 01:40 . 2011-03-09 03:41 3868672 ----a-w- c:\windows\system32\atiumd6a.dll
2011-04-20 01:38 . 2010-08-26 01:33 4286464 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-04-20 01:31 . 2011-03-09 04:24 5440000 ----a-w- c:\windows\system32\atiumd64.dll
2011-04-20 01:30 . 2010-08-26 01:25 4056576 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-04-20 01:27 . 2010-08-26 01:27 58880 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 01:23 . 2011-03-09 04:18 366080 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:23 . 2011-04-20 01:23 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-04-20 01:22 . 2011-04-20 01:22 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-04-20 01:22 . 2011-04-20 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 306176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 01:21 . 2011-04-20 01:21 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-04-20 01:21 . 2010-08-26 01:20 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-04-20 01:21 . 2010-08-26 01:20 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-04-20 01:21 . 2010-08-26 01:19 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-04-20 01:20 . 2011-04-20 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-04-19 20:10 . 2011-04-19 20:10 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-04-19 20:10 . 2011-04-19 20:10 16116224 ----a-w- c:\windows\system32\amdocl64.dll
2011-04-15 14:00 . 2010-10-13 15:33 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 06:58 . 2011-05-19 01:56 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:45 . 2011-05-11 03:52 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 03:52 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 03:52 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 01:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-04-08 18:36 . 2011-04-08 18:36 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-06 18:40 . 2010-11-06 20:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:26 . 2011-04-06 14:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-30 18:46 . 2011-03-30 18:46 114704 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-03-30 17:02 . 2011-05-12 19:10 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-03-30 16:57 . 2011-05-12 19:10 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-03-30 16:57 . 2011-05-12 19:10 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-03-30 16:57 . 2011-05-12 19:10 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-03-30 16:57 . 2011-05-12 19:10 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"uTorrent"="f:\programy(x86)\uTorrent\uTorrent.exe" [2011-04-07 399736]
"Infium"="f:\programy(x86)\QIP Infium\infium.exe" [2011-05-11 6848384]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"avgnt"="f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper"="f:\programy(x86)\iTunes\iTunesHelper.exe"
"LogMeIn Hamachi Ui"="f:\programy(x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 CEDRIVER55;CEDRIVER55;e:\cheat engine\dbk64.sys [2010-06-25 40504]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RivaTuner64;RivaTuner64;f:\programy(x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-05-25 19952]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;f:\programy(x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WMSVC;Služba webové správy;c:\windows\system32\inetsrv\wmsvc.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;f:\programy(x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
R4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirMailService;Avira AntiVir MailGuard;f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avmailc.exe [2011-03-04 339624]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\sched.exe [2011-05-10 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-04 421032]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-01-25 3136328]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;f:\programy(x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-03-30 2026304]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;f:\programy(x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S4 MBAMService;MBAMService;f:\programy(x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMPROTECTOR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913805740-196726431-4255557853-1001Core.job
- c:\users\CZechBoY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-08 15:44]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913805740-196726431-4255557853-1001UA.job
- c:\users\CZechBoY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-08 15:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 4012360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-31 11855976]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uLocal Page = c:\windows\system32\blank.htm
IE: Download with GetRight - f:\programy(x86)\GetRight\GRdownload.htm
IE: E&xportovat do aplikace Microsoft Excel - f:\programy\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with GetRight Browser - f:\programy(x86)\GetRight\GRbrowse.htm
IE: Subscribe in Desktop Sidebar - f:\programy(x86)\Desktop Sidebar\sbhelp.dll/menuhandler.html
LSP: f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{2038154B-2980-46B6-B116-3AA4AF93D7AF}: NameServer = 10.0.0.100,10.0.0.200
TCP: Interfaces\{5E509714-6D82-46A5-88A5-B2A714A244E0}: NameServer = 10.0.0.100,10.0.0.200
FF - ProfilePath - c:\users\CZechBoY\AppData\Roaming\Mozilla\Firefox\Profiles\s4n70o8v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programy(x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - f:\programy(x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Check4Change: check4change-owner@mozdev.org - %profile%\extensions\check4change-owner@mozdev.org
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-06-26 01:35:41
ComboFix-quarantined-files.txt 2011-06-25 23:35
.
Před spuštěním: 7 164 395 520
Po spuštění: 7 300 485 120
.
- - End Of File - - D4E88D1316CE96224B653356A8E61F52
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4094.1972 [GMT 2:00]
Spuštěný z: c:\users\CZechBoY\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wpe pro.INI
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-25 do 2011-06-25 )))))))))))))))))))))))))))))))
.
.
2011-06-25 23:33 . 2011-06-25 23:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-25 23:33 . 2011-06-25 23:33 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2011-06-25 23:29 . 2011-06-25 23:29 -------- d-----w- C:\32788R22FWJFW
2011-06-25 21:21 . 2011-06-25 21:21 -------- d-----w- c:\users\CZechBoY\AppData\Local\{3C70FB89-BFEB-40AC-B03D-A8FDD4B8007B}
2011-06-25 09:20 . 2011-06-25 09:20 -------- d-----w- c:\users\CZechBoY\AppData\Local\{74B38FE6-49BD-4061-AEBC-8599F4DBE2E1}
2011-06-24 21:19 . 2011-06-24 21:20 -------- d-----w- c:\users\CZechBoY\AppData\Local\{B8D65359-CE8A-4092-950E-D6DDFA07B6F8}
2011-06-24 09:18 . 2011-06-24 09:19 -------- d-----w- c:\users\CZechBoY\AppData\Local\{19A1D647-D7E4-4291-AC3D-21D572AFCC15}
2011-06-23 21:17 . 2011-06-23 21:18 -------- d-----w- c:\users\CZechBoY\AppData\Local\{573B1DC2-F347-4C63-96B6-52F56C35C018}
2011-06-23 09:15 . 2011-06-23 09:16 -------- d-----w- c:\users\CZechBoY\AppData\Local\{ABE28245-25F4-45A1-A5DB-EEDB66B43350}
2011-06-22 21:14 . 2011-06-22 21:15 -------- d-----w- c:\users\CZechBoY\AppData\Local\{D1A5AC0B-4093-4D11-A011-C8C037F9A093}
2011-06-22 14:31 . 2011-06-22 14:31 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-06-22 14:31 . 2009-04-30 23:02 559640 ----a-w- c:\windows\system32\LVUIRC64.dll
2011-06-22 14:31 . 2009-04-30 23:02 539160 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2011-06-22 14:31 . 2009-04-30 23:02 764952 ----a-w- c:\windows\system32\LVUI64.dll
2011-06-22 14:31 . 2011-06-22 14:31 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-06-22 14:31 . 2009-04-30 23:02 539160 ----a-w- c:\windows\SysWow64\LVUI2.dll
2011-06-22 14:31 . 2009-04-30 22:57 266776 ----a-w- c:\windows\system32\lvco1201278.dll
2011-06-22 14:31 . 2009-04-30 22:57 398360 ----a-w- c:\windows\system32\lvcod64.dll
2011-06-22 14:31 . 2009-04-30 22:57 416280 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2011-06-22 14:31 . 2009-04-30 22:56 588952 ----a-w- c:\windows\system32\drivers\LV561V64.sys
2011-06-22 09:57 . 2011-06-22 09:58 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\Seeing Machines
2011-06-22 09:57 . 2011-06-22 09:57 -------- d-----w- c:\programdata\Seeing Machines
2011-06-22 09:57 . 2011-06-22 09:57 -------- d-----w- c:\windows\Downloaded Installations
2011-06-22 09:44 . 2011-06-22 09:44 -------- d-----w- c:\windows\system32\appmgmt
2011-06-22 09:14 . 2011-06-22 09:14 -------- d-----w- c:\users\CZechBoY\AppData\Local\{E694112C-C171-453F-A8C1-CCB1993674F7}
2011-06-21 21:13 . 2011-06-21 21:14 -------- d-----w- c:\users\CZechBoY\AppData\Local\{98B0C00A-DC8B-4032-B9AE-063F68D0086E}
2011-06-21 09:12 . 2011-06-21 09:13 -------- d-----w- c:\users\CZechBoY\AppData\Local\{ABB37429-B1BD-46DB-B56F-8864AA260F5B}
2011-06-20 21:12 . 2011-06-20 21:12 -------- d-----w- c:\users\CZechBoY\AppData\Local\{F512B8AC-673A-4587-A319-8C96A5182ABD}
2011-06-20 18:52 . 2011-06-20 18:52 -------- d-----w- c:\users\CZechBoY\AppData\Local\assembly
2011-06-20 18:52 . 2011-06-20 18:52 -------- d-----w- c:\users\CZechBoY\AppData\Local\Apps
2011-06-19 21:09 . 2011-06-20 09:11 -------- d-----w- c:\users\CZechBoY\AppData\Local\{9070C2FF-691D-4B68-9BBA-406A38CBAE1F}
2011-06-16 19:11 . 2011-02-18 21:05 237056 ----a-w- c:\windows\SysWow64\ssleay32.dll
2011-06-16 19:11 . 2011-02-18 21:05 237056 ----a-w- c:\windows\SysWow64\libssl32.dll
2011-06-16 19:11 . 2011-02-18 21:05 1099776 ----a-w- c:\windows\SysWow64\libeay32.dll
2011-06-16 17:41 . 2011-06-16 17:42 -------- d-----w- c:\users\CZechBoY\Cropped
2011-06-16 16:20 . 2011-06-16 17:47 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\Feedreader
2011-06-16 00:06 . 2011-04-23 01:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 10:41 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 10:41 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 10:41 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 10:41 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 10:41 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 10:41 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 10:41 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys
2011-06-15 10:40 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 10:40 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 10:40 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 10:40 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 10:40 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 10:40 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 10:40 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-15 06:00 . 2011-06-15 06:00 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-06-15 05:58 . 2011-06-15 05:58 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-06-15 05:57 . 2011-06-25 17:45 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-06-15 05:56 . 2011-06-25 17:45 -------- d-----w- c:\users\CZechBoY\AppData\Local\Adobe
2011-06-15 01:42 . 2011-06-15 13:45 -------- d-----w- c:\users\CZechBoY\AppData\Local\{A7762C89-7E4D-4087-8B3C-827DB84D6A40}
2011-06-10 13:37 . 2011-06-14 13:42 -------- d-----w- c:\users\CZechBoY\AppData\Local\{4ABF81ED-D28B-423B-8DD6-BB04C2D879F4}
2011-06-07 12:34 . 2011-06-07 13:04 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\MonoDevelop-Unity
2011-06-05 01:10 . 2011-06-10 01:16 -------- d-----w- c:\users\CZechBoY\AppData\Local\{8E1C438C-88C2-4EBC-881F-EFB9A61F7BAD}
2011-06-02 15:49 . 2011-06-16 09:01 -------- d--h--w- c:\program files (x86)\Temp
2011-06-02 15:35 . 2011-06-02 15:35 -------- d-----w- c:\program files (x86)\GIGABYTE
2011-06-02 15:24 . 2011-05-16 20:55 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-06-02 15:24 . 2011-05-16 20:55 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-06-02 15:24 . 2011-05-16 20:55 533096 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-06-02 15:24 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difxa471.rra
2011-06-02 15:23 . 2011-06-02 15:24 -------- d-----w- c:\windows\RaidTool
2011-06-02 15:22 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-06-02 15:22 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-06-02 15:22 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-06-02 15:22 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-06-02 15:22 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-06-02 15:22 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-06-02 15:22 . 2011-06-02 15:22 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-06-02 15:22 . 2011-06-02 15:22 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-06-02 15:18 . 2011-06-02 15:18 -------- d-----w- C:\Intel
2011-06-02 01:01 . 2011-06-04 13:09 -------- d-----w- c:\users\CZechBoY\AppData\Local\{1E76BFC6-3507-4E0F-8E69-9AB69C27DB9C}
2011-06-01 12:59 . 2011-06-01 13:01 -------- d-----w- c:\users\CZechBoY\AppData\Local\{CE43784C-FF64-4075-A00D-994FB98E2BAE}
2011-06-01 10:58 . 2011-06-01 10:58 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\Wireshark
2011-06-01 05:59 . 2011-06-01 05:59 -------- d-----w- c:\users\admin
2011-05-31 00:54 . 2011-06-01 00:58 -------- d-----w- c:\users\CZechBoY\AppData\Local\{0C9E0FB0-6802-4B92-871B-F45163EB0D46}
2011-05-30 15:30 . 2011-06-15 05:23 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-30 12:52 . 2011-05-30 12:54 -------- d-----w- c:\users\CZechBoY\AppData\Local\{578811DB-84FA-4D6A-B160-BF466DF41B02}
2011-05-30 00:51 . 2011-05-30 00:51 -------- d-----w- c:\users\CZechBoY\AppData\Local\{BE9D9D6E-B892-4C70-88F1-4B7B1A79139C}
2011-05-29 12:48 . 2011-05-29 12:48 -------- d-----w- c:\users\CZechBoY\AppData\Local\{BFCF3F7A-3EDB-47B6-90F7-B9FC7CE84C03}
2011-05-29 08:34 . 2011-05-29 08:34 -------- d-----w- c:\programdata\Hewlett-Packard
2011-05-29 08:34 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-05-29 00:47 . 2011-05-29 00:47 -------- d-----w- c:\users\CZechBoY\AppData\Local\{1FC90F19-9FC7-4084-AD7B-A3A595276F69}
2011-05-28 12:46 . 2011-05-28 12:46 -------- d-----w- c:\users\CZechBoY\AppData\Local\{033F3706-A854-41BF-9980-9D5321C31B11}
2011-05-28 00:45 . 2011-05-28 00:46 -------- d-----w- c:\users\CZechBoY\AppData\Local\{21EF22DC-E35F-498C-B748-F1568215C76D}
2011-05-27 12:45 . 2011-05-27 12:45 -------- d-----w- c:\users\CZechBoY\AppData\Local\{DF295844-5F97-4807-B684-25A53EF746BF}
2011-05-27 07:08 . 2011-05-27 08:14 -------- d-----w- c:\users\Server
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 00:05 . 2010-10-14 08:57 1835744 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-06-02 15:50 . 2010-10-13 15:33 25640 ----a-w- c:\windows\gdrv.sys
2011-05-29 07:11 . 2010-12-08 15:25 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-12-08 15:25 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 15:58 . 2010-10-13 15:33 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-05-04 23:28 . 2011-05-04 23:28 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-05-04 23:27 . 2011-05-04 23:27 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-05-04 05:54 . 2011-05-04 05:56 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-04-20 02:44 . 2011-04-20 02:44 9319936 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 02:30 . 2011-04-20 02:30 22900736 ----a-w- c:\windows\system32\atio6axx.dll
2011-04-20 02:09 . 2011-04-20 02:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 02:09 . 2010-08-26 02:01 676864 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-04-20 02:07 . 2011-03-09 04:55 795648 ----a-w- c:\windows\system32\aticfx64.dll
2011-04-20 02:07 . 2011-04-20 02:07 17693184 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-04-20 02:05 . 2011-03-09 04:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:04 . 2011-04-20 02:04 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 02:04 . 2011-04-20 02:04 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 02:03 . 2011-04-20 02:03 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-04-20 02:02 . 2011-03-09 04:51 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-04-20 02:02 . 2011-04-20 02:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-04-20 02:02 . 2011-04-20 02:02 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 02:02 . 2011-04-20 02:02 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-04-20 02:02 . 2011-04-20 02:02 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-04-20 01:59 . 2010-08-26 01:52 4161536 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-04-20 01:49 . 2011-04-20 01:49 4951552 ----a-w- c:\windows\system32\atidxx64.dll
2011-04-20 01:46 . 2011-04-20 01:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-04-20 01:46 . 2011-04-20 01:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-04-20 01:46 . 2011-04-20 01:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-04-20 01:46 . 2011-04-20 01:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-04-20 01:45 . 2011-04-20 01:45 7768064 ----a-w- c:\windows\system32\aticaldd64.dll
2011-04-20 01:42 . 2011-04-20 01:42 6389760 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-04-20 01:40 . 2011-04-20 01:40 1222656 ----a-w- c:\windows\system32\atiumd6v.dll
2011-04-20 01:40 . 2011-04-20 01:40 1923584 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-04-20 01:40 . 2011-03-09 03:41 3868672 ----a-w- c:\windows\system32\atiumd6a.dll
2011-04-20 01:38 . 2010-08-26 01:33 4286464 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-04-20 01:31 . 2011-03-09 04:24 5440000 ----a-w- c:\windows\system32\atiumd64.dll
2011-04-20 01:30 . 2010-08-26 01:25 4056576 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-04-20 01:27 . 2010-08-26 01:27 58880 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 01:23 . 2011-03-09 04:18 366080 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:23 . 2011-04-20 01:23 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-04-20 01:22 . 2011-04-20 01:22 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-04-20 01:22 . 2011-04-20 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 306176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 01:21 . 2011-04-20 01:21 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-04-20 01:21 . 2010-08-26 01:20 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-04-20 01:21 . 2010-08-26 01:20 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-04-20 01:21 . 2010-08-26 01:19 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-04-20 01:20 . 2011-04-20 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-04-19 20:10 . 2011-04-19 20:10 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-04-19 20:10 . 2011-04-19 20:10 16116224 ----a-w- c:\windows\system32\amdocl64.dll
2011-04-15 14:00 . 2010-10-13 15:33 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 06:58 . 2011-05-19 01:56 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:45 . 2011-05-11 03:52 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 03:52 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 03:52 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 01:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-04-08 18:36 . 2011-04-08 18:36 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-06 18:40 . 2010-11-06 20:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:26 . 2011-04-06 14:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-30 18:46 . 2011-03-30 18:46 114704 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-03-30 17:02 . 2011-05-12 19:10 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-03-30 16:57 . 2011-05-12 19:10 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-03-30 16:57 . 2011-05-12 19:10 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-03-30 16:57 . 2011-05-12 19:10 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-03-30 16:57 . 2011-05-12 19:10 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"uTorrent"="f:\programy(x86)\uTorrent\uTorrent.exe" [2011-04-07 399736]
"Infium"="f:\programy(x86)\QIP Infium\infium.exe" [2011-05-11 6848384]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"avgnt"="f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper"="f:\programy(x86)\iTunes\iTunesHelper.exe"
"LogMeIn Hamachi Ui"="f:\programy(x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 CEDRIVER55;CEDRIVER55;e:\cheat engine\dbk64.sys [2010-06-25 40504]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RivaTuner64;RivaTuner64;f:\programy(x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-05-25 19952]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;f:\programy(x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WMSVC;Služba webové správy;c:\windows\system32\inetsrv\wmsvc.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;f:\programy(x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
R4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirMailService;Avira AntiVir MailGuard;f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avmailc.exe [2011-03-04 339624]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\sched.exe [2011-05-10 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-04 421032]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-01-25 3136328]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;f:\programy(x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-03-30 2026304]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;f:\programy(x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S4 MBAMService;MBAMService;f:\programy(x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMPROTECTOR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913805740-196726431-4255557853-1001Core.job
- c:\users\CZechBoY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-08 15:44]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913805740-196726431-4255557853-1001UA.job
- c:\users\CZechBoY\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-08 15:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 4012360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-31 11855976]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uLocal Page = c:\windows\system32\blank.htm
IE: Download with GetRight - f:\programy(x86)\GetRight\GRdownload.htm
IE: E&xportovat do aplikace Microsoft Excel - f:\programy\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with GetRight Browser - f:\programy(x86)\GetRight\GRbrowse.htm
IE: Subscribe in Desktop Sidebar - f:\programy(x86)\Desktop Sidebar\sbhelp.dll/menuhandler.html
LSP: f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{2038154B-2980-46B6-B116-3AA4AF93D7AF}: NameServer = 10.0.0.100,10.0.0.200
TCP: Interfaces\{5E509714-6D82-46A5-88A5-B2A714A244E0}: NameServer = 10.0.0.100,10.0.0.200
FF - ProfilePath - c:\users\CZechBoY\AppData\Roaming\Mozilla\Firefox\Profiles\s4n70o8v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programy(x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - f:\programy(x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Check4Change: check4change-owner@mozdev.org - %profile%\extensions\check4change-owner@mozdev.org
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-06-26 01:35:41
ComboFix-quarantined-files.txt 2011-06-25 23:35
.
Před spuštěním: 7 164 395 520
Po spuštění: 7 300 485 120
.
- - End Of File - - D4E88D1316CE96224B653356A8E61F52
PHP, Nette, MySQL, C#, TypeScript, Python
IntelliJ Idea, Docker, Opera browser, Linux Mint
iPhone XS
Raspberry PI 3 (KODI, Raspbian)
XBox One S, PS 4, nVidia GeForce NOW
- memphisto
Re: [HJT] Preventive check
Test this on VT:
c:\windows\SysWow64\Difxa471.rra
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.
Code:
KillAll::
Folder::
C:\32788R22FWJFW
Dirlook::
c:\users\CZechBoY\AppData\Local\{3C70FB89-BFEB-40AC-B03D-A8FDD4B8007B}
c:\users\CZechBoY\AppData\Local\{74B38FE6-49BD-4061-AEBC-8599F4DBE2E1}
c:\users\CZechBoY\AppData\Local\{B8D65359-CE8A-4092-950E-D6DDFA07B6F8}
c:\users\CZechBoY\AppData\Local\{19A1D647-D7E4-4291-AC3D-21D572AFCC15}
c:\users\CZechBoY\AppData\Local\{573B1DC2-F347-4C63-96B6-52F56C35C018}
c:\users\CZechBoY\AppData\Local\{ABE28245-25F4-45A1-A5DB-EEDB66B43350}
c:\users\CZechBoY\AppData\Local\{D1A5AC0B-4093-4D11-A011-C8C037F9A093}
c:\users\CZechBoY\AppData\Local\{E694112C-C171-453F-A8C1-CCB1993674F7}
c:\users\CZechBoY\AppData\Local\{98B0C00A-DC8B-4032-B9AE-063F68D0086E}
c:\users\CZechBoY\AppData\Local\{ABB37429-B1BD-46DB-B56F-8864AA260F5B}
c:\users\CZechBoY\AppData\Local\{F512B8AC-673A-4587-A319-8C96A5182ABD}
c:\users\CZechBoY\AppData\Local\{9070C2FF-691D-4B68-9BBA-406A38CBAE1F}
c:\users\CZechBoY\AppData\Local\{A7762C89-7E4D-4087-8B3C-827DB84D6A40}
c:\users\CZechBoY\AppData\Local\{4ABF81ED-D28B-423B-8DD6-BB04C2D879F4}
c:\users\CZechBoY\AppData\Local\{8E1C438C-88C2-4EBC-881F-EFB9A61F7BAD}
c:\users\CZechBoY\AppData\Local\{1E76BFC6-3507-4E0F-8E69-9AB69C27DB9C}
c:\users\CZechBoY\AppData\Local\{CE43784C-FF64-4075-A00D-994FB98E2BAE}
c:\users\CZechBoY\AppData\Local\{0C9E0FB0-6802-4B92-871B-F45163EB0D46}
c:\users\CZechBoY\AppData\Local\{578811DB-84FA-4D6A-B160-BF466DF41B02}
c:\users\CZechBoY\AppData\Local\{BE9D9D6E-B892-4C70-88F1-4B7B1A79139C}
c:\users\CZechBoY\AppData\Local\{BFCF3F7A-3EDB-47B6-90F7-B9FC7CE84C03}
c:\users\CZechBoY\AppData\Local\{1FC90F19-9FC7-4084-AD7B-A3A595276F69}
c:\users\CZechBoY\AppData\Local\{033F3706-A854-41BF-9980-9D5321C31B11}
c:\users\CZechBoY\AppData\Local\{21EF22DC-E35F-498C-B748-F1568215C76D}
c:\users\CZechBoY\AppData\Local\{DF295844-5F97-4807-B684-25A53EF746BF}
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"ConsentPromptBehaviorUser"=-
"EnableUIADesktopToggle"=-
"PromptOnSecureDesktop"=-
File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913805740-196726431-4255557853-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913805740-196726431-4255557853-1001UA.job
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: choose All Files there
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
- CZechBoY
Re: [HJT] Preventive check
ComboFix 11-06-25.05 - CZechBoY 01.07.2011 0:44.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4094.2274 [GMT 2:00]
Spuštěný z: c:\users\CZechBoY\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\CZechBoY\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: Avira FireWall *Disabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913805740-196726431-4255557853-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913805740-196726431-4255557853-1001UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913805740-196726431-4255557853-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913805740-196726431-4255557853-1001UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-28 do 2011-06-30 )))))))))))))))))))))))))))))))
.
.
2011-06-30 22:44 . 2011-06-30 22:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-06-30 22:44 . 2011-06-30 22:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-30 22:44 . 2011-06-30 22:44 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2011-06-30 22:41 . 2011-06-24 13:04 219440 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-06-30 22:41 . 2011-06-24 13:05 44848 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-06-30 22:38 . 2010-06-17 12:23 98120 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-06-30 21:25 . 2011-06-30 21:25 -------- d-----w- c:\users\CZechBoY\AppData\Local\{E4568675-DFAC-4095-A6F4-766F6BAA805F}
2011-06-29 09:24 . 2011-06-30 09:25 -------- d-----w- c:\users\CZechBoY\AppData\Local\{2106ED9E-8B5B-4F18-AE68-CCCF7B78B6B6}
2011-06-28 22:44 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 22:44 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-06-28 22:44 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-06-28 22:44 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-06-28 22:44 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-06-26 09:21 . 2011-06-28 21:24 -------- d-----w- c:\users\CZechBoY\AppData\Local\{D3192511-C8E2-4AA1-9223-26F0AFCAED0F}
2011-06-25 23:35 . 2011-06-30 22:44 -------- d-----w- c:\users\Server\AppData\Local\temp
2011-06-25 21:21 . 2011-06-25 21:21 -------- d-----w- c:\users\CZechBoY\AppData\Local\{3C70FB89-BFEB-40AC-B03D-A8FDD4B8007B}
2011-06-25 09:20 . 2011-06-25 09:20 -------- d-----w- c:\users\CZechBoY\AppData\Local\{74B38FE6-49BD-4061-AEBC-8599F4DBE2E1}
2011-06-24 21:19 . 2011-06-24 21:20 -------- d-----w- c:\users\CZechBoY\AppData\Local\{B8D65359-CE8A-4092-950E-D6DDFA07B6F8}
2011-06-24 13:05 . 2011-06-24 13:05 144688 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-06-24 09:18 . 2011-06-24 09:19 -------- d-----w- c:\users\CZechBoY\AppData\Local\{19A1D647-D7E4-4291-AC3D-21D572AFCC15}
2011-06-23 21:17 . 2011-06-23 21:18 -------- d-----w- c:\users\CZechBoY\AppData\Local\{573B1DC2-F347-4C63-96B6-52F56C35C018}
2011-06-23 09:15 . 2011-06-23 09:16 -------- d-----w- c:\users\CZechBoY\AppData\Local\{ABE28245-25F4-45A1-A5DB-EEDB66B43350}
2011-06-22 21:14 . 2011-06-22 21:15 -------- d-----w- c:\users\CZechBoY\AppData\Local\{D1A5AC0B-4093-4D11-A011-C8C037F9A093}
2011-06-22 14:31 . 2011-06-22 14:31 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-06-22 14:31 . 2009-04-30 23:02 559640 ----a-w- c:\windows\system32\LVUIRC64.dll
2011-06-22 14:31 . 2009-04-30 23:02 539160 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2011-06-22 14:31 . 2009-04-30 23:02 764952 ----a-w- c:\windows\system32\LVUI64.dll
2011-06-22 14:31 . 2011-06-22 14:31 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-06-22 14:31 . 2009-04-30 23:02 539160 ----a-w- c:\windows\SysWow64\LVUI2.dll
2011-06-22 14:31 . 2009-04-30 22:57 266776 ----a-w- c:\windows\system32\lvco1201278.dll
2011-06-22 14:31 . 2009-04-30 22:57 398360 ----a-w- c:\windows\system32\lvcod64.dll
2011-06-22 14:31 . 2009-04-30 22:57 416280 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2011-06-22 14:31 . 2009-04-30 22:56 588952 ----a-w- c:\windows\system32\drivers\LV561V64.sys
2011-06-22 09:57 . 2011-06-22 09:58 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\Seeing Machines
2011-06-22 09:57 . 2011-06-22 09:57 -------- d-----w- c:\programdata\Seeing Machines
2011-06-22 09:57 . 2011-06-22 09:57 -------- d-----w- c:\windows\Downloaded Installations
2011-06-22 09:44 . 2011-06-22 09:44 -------- d-----w- c:\windows\system32\appmgmt
2011-06-22 09:14 . 2011-06-22 09:14 -------- d-----w- c:\users\CZechBoY\AppData\Local\{E694112C-C171-453F-A8C1-CCB1993674F7}
2011-06-22 06:20 . 2011-06-22 06:20 -------- d-----w- c:\users\Server\AppData\Roaming\Microsoft FxCop
2011-06-21 21:13 . 2011-06-21 21:14 -------- d-----w- c:\users\CZechBoY\AppData\Local\{98B0C00A-DC8B-4032-B9AE-063F68D0086E}
2011-06-21 09:12 . 2011-06-21 09:13 -------- d-----w- c:\users\CZechBoY\AppData\Local\{ABB37429-B1BD-46DB-B56F-8864AA260F5B}
2011-06-20 21:12 . 2011-06-20 21:12 -------- d-----w- c:\users\CZechBoY\AppData\Local\{F512B8AC-673A-4587-A319-8C96A5182ABD}
2011-06-20 21:05 . 2011-06-20 21:06 -------- d-----w- c:\users\Server\AppData\Roaming\FileZilla
2011-06-20 18:52 . 2011-06-20 18:52 -------- d-----w- c:\users\CZechBoY\AppData\Local\assembly
2011-06-20 18:52 . 2011-06-20 18:52 -------- d-----w- c:\users\CZechBoY\AppData\Local\Apps
2011-06-19 21:09 . 2011-06-20 09:11 -------- d-----w- c:\users\CZechBoY\AppData\Local\{9070C2FF-691D-4B68-9BBA-406A38CBAE1F}
2011-06-16 19:11 . 2011-02-18 21:05 237056 ----a-w- c:\windows\SysWow64\ssleay32.dll
2011-06-16 19:11 . 2011-02-18 21:05 237056 ----a-w- c:\windows\SysWow64\libssl32.dll
2011-06-16 19:11 . 2011-02-18 21:05 1099776 ----a-w- c:\windows\SysWow64\libeay32.dll
2011-06-16 17:41 . 2011-06-16 17:42 -------- d-----w- c:\users\CZechBoY\Cropped
2011-06-16 16:20 . 2011-06-16 17:47 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\Feedreader
2011-06-16 00:06 . 2011-04-23 01:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 10:41 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 10:41 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 10:41 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 10:41 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 10:41 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 10:41 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 10:41 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys
2011-06-15 10:40 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 10:40 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 10:40 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 10:40 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 10:40 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 10:40 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 10:40 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-15 06:00 . 2011-06-15 06:00 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-06-15 05:58 . 2011-06-15 05:58 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-06-15 05:57 . 2011-06-25 17:45 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-06-15 05:56 . 2011-06-25 17:45 -------- d-----w- c:\users\CZechBoY\AppData\Local\Adobe
2011-06-15 01:42 . 2011-06-15 13:45 -------- d-----w- c:\users\CZechBoY\AppData\Local\{A7762C89-7E4D-4087-8B3C-827DB84D6A40}
2011-06-10 13:37 . 2011-06-14 13:42 -------- d-----w- c:\users\CZechBoY\AppData\Local\{4ABF81ED-D28B-423B-8DD6-BB04C2D879F4}
2011-06-07 12:34 . 2011-06-07 13:04 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\MonoDevelop-Unity
2011-06-05 01:10 . 2011-06-10 01:16 -------- d-----w- c:\users\CZechBoY\AppData\Local\{8E1C438C-88C2-4EBC-881F-EFB9A61F7BAD}
2011-06-03 23:42 . 2011-06-03 23:42 -------- d-----w- c:\users\Server\AppData\Roaming\PSpad
2011-06-02 15:49 . 2011-06-16 09:01 -------- d--h--w- c:\program files (x86)\Temp
2011-06-02 15:35 . 2011-06-02 15:35 -------- d-----w- c:\program files (x86)\GIGABYTE
2011-06-02 15:24 . 2011-05-16 20:55 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-06-02 15:24 . 2011-05-16 20:55 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-06-02 15:24 . 2011-05-16 20:55 533096 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-06-02 15:24 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difxa471.rra
2011-06-02 15:23 . 2011-06-02 15:24 -------- d-----w- c:\windows\RaidTool
2011-06-02 15:22 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-06-02 15:22 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-06-02 15:22 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-06-02 15:22 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-06-02 15:22 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-06-02 15:22 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-06-02 15:22 . 2011-06-02 15:22 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-06-02 15:22 . 2011-06-02 15:22 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-06-02 15:18 . 2011-06-02 15:18 -------- d-----w- C:\Intel
2011-06-02 01:01 . 2011-06-04 13:09 -------- d-----w- c:\users\CZechBoY\AppData\Local\{1E76BFC6-3507-4E0F-8E69-9AB69C27DB9C}
2011-06-01 12:59 . 2011-06-01 13:01 -------- d-----w- c:\users\CZechBoY\AppData\Local\{CE43784C-FF64-4075-A00D-994FB98E2BAE}
2011-06-01 10:58 . 2011-06-01 10:58 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\Wireshark
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 13:05 . 2011-02-17 16:21 164656 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-06-24 13:04 . 2011-02-17 16:21 320816 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-06-16 00:05 . 2010-10-14 08:57 1835744 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-06-15 05:23 . 2011-05-30 15:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-02 15:50 . 2010-10-13 15:33 25640 ----a-w- c:\windows\gdrv.sys
2011-05-29 07:11 . 2010-12-08 15:25 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-12-08 15:25 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 15:58 . 2010-10-13 15:33 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-05-04 23:28 . 2011-05-04 23:28 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-05-04 23:27 . 2011-05-04 23:27 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-05-04 05:54 . 2011-05-04 05:56 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-04-20 02:44 . 2011-04-20 02:44 9319936 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 02:30 . 2011-04-20 02:30 22900736 ----a-w- c:\windows\system32\atio6axx.dll
2011-04-20 02:09 . 2011-04-20 02:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 02:09 . 2010-08-26 02:01 676864 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-04-20 02:07 . 2011-03-09 04:55 795648 ----a-w- c:\windows\system32\aticfx64.dll
2011-04-20 02:07 . 2011-04-20 02:07 17693184 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-04-20 02:05 . 2011-03-09 04:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:04 . 2011-04-20 02:04 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 02:04 . 2011-04-20 02:04 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 02:03 . 2011-04-20 02:03 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-04-20 02:02 . 2011-03-09 04:51 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-04-20 02:02 . 2011-04-20 02:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-04-20 02:02 . 2011-04-20 02:02 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 02:02 . 2011-04-20 02:02 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-04-20 02:02 . 2011-04-20 02:02 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-04-20 01:59 . 2010-08-26 01:52 4161536 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-04-20 01:49 . 2011-04-20 01:49 4951552 ----a-w- c:\windows\system32\atidxx64.dll
2011-04-20 01:46 . 2011-04-20 01:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-04-20 01:46 . 2011-04-20 01:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-04-20 01:46 . 2011-04-20 01:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-04-20 01:46 . 2011-04-20 01:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-04-20 01:45 . 2011-04-20 01:45 7768064 ----a-w- c:\windows\system32\aticaldd64.dll
2011-04-20 01:42 . 2011-04-20 01:42 6389760 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-04-20 01:40 . 2011-04-20 01:40 1222656 ----a-w- c:\windows\system32\atiumd6v.dll
2011-04-20 01:40 . 2011-04-20 01:40 1923584 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-04-20 01:40 . 2011-03-09 03:41 3868672 ----a-w- c:\windows\system32\atiumd6a.dll
2011-04-20 01:38 . 2010-08-26 01:33 4286464 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-04-20 01:31 . 2011-03-09 04:24 5440000 ----a-w- c:\windows\system32\atiumd64.dll
2011-04-20 01:30 . 2010-08-26 01:25 4056576 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-04-20 01:27 . 2010-08-26 01:27 58880 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 01:23 . 2011-03-09 04:18 366080 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:23 . 2011-04-20 01:23 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-04-20 01:22 . 2011-04-20 01:22 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-04-20 01:22 . 2011-04-20 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 306176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 01:21 . 2011-04-20 01:21 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-04-20 01:21 . 2010-08-26 01:20 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-04-20 01:21 . 2010-08-26 01:20 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-04-20 01:21 . 2010-08-26 01:19 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-04-20 01:20 . 2011-04-20 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-04-19 20:10 . 2011-04-19 20:10 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-04-19 20:10 . 2011-04-19 20:10 16116224 ----a-w- c:\windows\system32\amdocl64.dll
2011-04-15 14:00 . 2010-10-13 15:33 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 06:58 . 2011-05-19 01:56 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:45 . 2011-05-11 03:52 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 03:52 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 03:52 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 01:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-04-08 18:36 . 2011-04-08 18:36 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-06 18:40 . 2010-11-06 20:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:26 . 2011-04-06 14:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\CZechBoY\AppData\Local\{033F3706-A854-41BF-9980-9D5321C31B11} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{0C9E0FB0-6802-4B92-871B-F45163EB0D46} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{19A1D647-D7E4-4291-AC3D-21D572AFCC15} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{1E76BFC6-3507-4E0F-8E69-9AB69C27DB9C} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{1FC90F19-9FC7-4084-AD7B-A3A595276F69} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{21EF22DC-E35F-498C-B748-F1568215C76D} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{3C70FB89-BFEB-40AC-B03D-A8FDD4B8007B} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{4ABF81ED-D28B-423B-8DD6-BB04C2D879F4} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{573B1DC2-F347-4C63-96B6-52F56C35C018} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{578811DB-84FA-4D6A-B160-BF466DF41B02} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{74B38FE6-49BD-4061-AEBC-8599F4DBE2E1} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{8E1C438C-88C2-4EBC-881F-EFB9A61F7BAD} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{9070C2FF-691D-4B68-9BBA-406A38CBAE1F} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{98B0C00A-DC8B-4032-B9AE-063F68D0086E} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{A7762C89-7E4D-4087-8B3C-827DB84D6A40} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{ABB37429-B1BD-46DB-B56F-8864AA260F5B} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{ABE28245-25F4-45A1-A5DB-EEDB66B43350} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{B8D65359-CE8A-4092-950E-D6DDFA07B6F8} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{BE9D9D6E-B892-4C70-88F1-4B7B1A79139C} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{BFCF3F7A-3EDB-47B6-90F7-B9FC7CE84C03} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{CE43784C-FF64-4075-A00D-994FB98E2BAE} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{D1A5AC0B-4093-4D11-A011-C8C037F9A093} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{DF295844-5F97-4807-B684-25A53EF746BF} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{E694112C-C171-453F-A8C1-CCB1993674F7} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{F512B8AC-673A-4587-A319-8C96A5182ABD} ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-25_23.34.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-06-30 22:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-06-25 23:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-06-25 23:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-30 22:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-25 23:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-30 22:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-27 08:59 . 2011-06-30 10:35 86672 c:\windows\system32\perfh009.dat
- 2011-03-27 08:59 . 2011-06-19 13:19 86672 c:\windows\system32\perfh009.dat
+ 2011-03-27 08:59 . 2011-06-30 10:35 95992 c:\windows\system32\perfh005.dat
- 2011-03-27 08:59 . 2011-06-19 13:19 95992 c:\windows\system32\perfh005.dat
- 2011-03-27 08:59 . 2011-06-19 13:19 33834 c:\windows\system32\perfc009.dat
+ 2011-03-27 08:59 . 2011-06-30 10:35 33834 c:\windows\system32\perfc009.dat
- 2011-03-27 08:59 . 2011-06-19 13:19 41830 c:\windows\system32\perfc005.dat
+ 2011-03-27 08:59 . 2011-06-30 10:35 41830 c:\windows\system32\perfc005.dat
+ 2011-06-30 22:41 . 2011-06-24 13:05 44848 c:\windows\system32\DRVSTORE\VBoxUSBMon_498D2EF20FFF794A84774FB7DB1DA81547B660D2\VBoxUSBMon.sys
+ 2009-07-14 05:30 . 2011-06-30 22:41 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-06-22 14:31 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-06-24 13:05 . 2011-06-24 13:05 46384 c:\windows\system32\DriverStore\FileRepository\vboxusb.inf_amd64_neutral_f101f58e96cd15d1\VBoxUSB.sys
+ 2011-03-21 19:37 . 2010-06-17 13:23 98120 c:\windows\system32\DriverStore\FileRepository\avfwim.inf_amd64_neutral_f877973f02c1fc73\avfwim.sys
- 2011-03-21 19:37 . 2011-03-04 12:45 83120 c:\windows\system32\drivers\avgntflt.sys
+ 2011-03-21 19:37 . 2011-01-26 14:10 83120 c:\windows\system32\drivers\avgntflt.sys
+ 2010-10-22 19:35 . 2011-06-30 22:45 74216 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-03-25 20:41 . 2011-04-01 04:22 8192 c:\windows\system32\Microsoft\Protect\Recovery\Recovery.dat
+ 2011-03-25 20:41 . 2011-06-30 14:24 8192 c:\windows\system32\Microsoft\Protect\Recovery\Recovery.dat
+ 2011-06-30 22:46 . 2011-06-30 22:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-06-16 08:59 . 2011-06-19 13:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-30 22:41 . 2011-06-24 13:04 219440 c:\windows\system32\DRVSTORE\VBoxDrv_80254056B50605C20974A37757BDA88B9A253032\VBoxDrv.sys
+ 2009-07-14 05:30 . 2011-06-30 22:41 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-06-22 14:31 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-06-30 22:41 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-06-24 13:04 . 2011-06-24 13:04 320816 c:\windows\system32\DriverStore\FileRepository\vboxnetflt.inf_amd64_neutral_d3d6ec1212e492a2\VBoxNetFltNotify.dll
+ 2011-06-24 13:05 . 2011-06-24 13:05 164656 c:\windows\system32\DriverStore\FileRepository\vboxnetflt.inf_amd64_neutral_d3d6ec1212e492a2\VBoxNetFlt.sys
+ 2011-06-24 13:05 . 2011-06-24 13:05 144688 c:\windows\system32\DriverStore\FileRepository\vboxnetadp.inf_amd64_neutral_fd18f8027ed60e50\VBoxNetAdp.sys
- 2011-03-21 19:37 . 2011-03-04 12:45 116568 c:\windows\system32\drivers\avipbb.sys
+ 2011-03-21 19:37 . 2011-01-26 14:10 116568 c:\windows\system32\drivers\avipbb.sys
+ 2011-03-21 19:37 . 2010-11-30 17:03 126792 c:\windows\system32\drivers\avfwot.sys
- 2009-07-14 05:01 . 2011-06-16 00:08 417676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-06-30 22:45 417676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-04 17:42 . 2011-06-30 22:45 968564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1913805740-196726431-4255557853-1007-8192.dat
- 2011-06-04 17:42 . 2011-06-15 01:15 968564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1913805740-196726431-4255557853-1007-8192.dat
+ 2009-07-14 04:45 . 2011-06-29 01:17 4410075 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-06-16 09:00 4410075 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-12-24 02:32 . 2011-06-16 00:08 1297160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-12-24 02:32 . 2011-06-30 22:45 1297160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-24 07:14 . 2011-06-25 23:39 1799656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1913805740-196726431-4255557853-1001-4096.dat
- 2011-03-24 07:14 . 2011-06-04 17:42 1799656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1913805740-196726431-4255557853-1001-4096.dat
+ 2010-10-13 18:13 . 2011-06-30 22:45 2143476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1913805740-196726431-4255557853-1001-12288.dat
- 2009-07-14 02:34 . 2011-06-25 08:50 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-06-30 09:50 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-02-07 21:07 . 2011-06-30 22:45 10070896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1913805740-196726431-4255557853-1001-8192.dat
+ 2011-06-30 22:40 . 2011-06-30 22:40 21959168 c:\windows\Installer\29efbec.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"uTorrent"="f:\programy(x86)\uTorrent\uTorrent.exe" [2011-04-07 399736]
"Infium"="f:\programy(x86)\QIP Infium\infium.exe" [2011-05-11 6848384]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avgnt.exe" [2011-01-26 281768]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"avgnt"="f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper"="f:\programy(x86)\iTunes\iTunesHelper.exe"
"LogMeIn Hamachi Ui"="f:\programy(x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 CEDRIVER55;CEDRIVER55;e:\cheat engine\dbk64.sys [2010-06-25 40504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RivaTuner64;RivaTuner64;f:\programy(x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-05-25 19952]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;f:\programy(x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WMSVC;Služba webové správy;c:\windows\system32\inetsrv\wmsvc.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;f:\programy(x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
R4 MBAMService;MBAMService;f:\programy(x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-11-30 126792]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirFirewallService;Avira FireWall;f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avfwsvc.exe [2010-11-30 539304]
S2 AntiVirMailService;Avira AntiVir MailGuard;f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avmailc.exe [2011-01-26 339624]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\sched.exe [2011-01-26 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-01-28 420520]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-01-25 3136328]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;f:\programy(x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-03-30 2026304]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;f:\programy(x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - VBOXDRV
*NewlyCreated* - VBOXUSBMON
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 4012360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-31 11855976]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uLocal Page = c:\windows\system32\blank.htm
IE: Download with GetRight - f:\programy(x86)\GetRight\GRdownload.htm
IE: E&xportovat do aplikace Microsoft Excel - f:\programy\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with GetRight Browser - f:\programy(x86)\GetRight\GRbrowse.htm
IE: Subscribe in Desktop Sidebar - f:\programy(x86)\Desktop Sidebar\sbhelp.dll/menuhandler.html
LSP: f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{2038154B-2980-46B6-B116-3AA4AF93D7AF}: NameServer = 10.0.0.100,10.0.0.200
TCP: Interfaces\{5E509714-6D82-46A5-88A5-B2A714A244E0}: NameServer = 10.0.0.100,10.0.0.200
FF - ProfilePath - c:\users\CZechBoY\AppData\Roaming\Mozilla\Firefox\Profiles\s4n70o8v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programy(x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - f:\programy(x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Check4Change: check4change-owner@mozdev.org - %profile%\extensions\check4change-owner@mozdev.org
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Jiné spuštené procesy ------------------------
.
f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\Windows Live\Contacts\wlcomm.exe
c:\users\CZechBoY\Desktop\new server\ChmatTools NPC.exe
c:\users\CZechBoY\Desktop\new server\Chmat Tools [SharpPcap] Kontrola IP při loginu(parametr).exe
f:\programy(x86)\Winamp\winamp.exe
f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\usrreq.exe
.
**************************************************************************
.
Celkový čas: 2011-07-01 00:48:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-30 22:48
ComboFix2.txt 2011-06-25 23:35
.
Před spuštěním: Volných bajtů: 10 182 275 072
Po spuštění: Volných bajtů: 10 144 681 984
.
- - End Of File - - 1206D771F5437E04A2091F70572E53AE
And supposedly there is some new version, but I chose that I want the old limited one, or whatever it said :)
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4094.2274 [GMT 2:00]
Spuštěný z: c:\users\CZechBoY\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\CZechBoY\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: Avira FireWall *Disabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913805740-196726431-4255557853-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913805740-196726431-4255557853-1001UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913805740-196726431-4255557853-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1913805740-196726431-4255557853-1001UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-28 do 2011-06-30 )))))))))))))))))))))))))))))))
.
.
2011-06-30 22:44 . 2011-06-30 22:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-06-30 22:44 . 2011-06-30 22:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-30 22:44 . 2011-06-30 22:44 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2011-06-30 22:41 . 2011-06-24 13:04 219440 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-06-30 22:41 . 2011-06-24 13:05 44848 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-06-30 22:38 . 2010-06-17 12:23 98120 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-06-30 21:25 . 2011-06-30 21:25 -------- d-----w- c:\users\CZechBoY\AppData\Local\{E4568675-DFAC-4095-A6F4-766F6BAA805F}
2011-06-29 09:24 . 2011-06-30 09:25 -------- d-----w- c:\users\CZechBoY\AppData\Local\{2106ED9E-8B5B-4F18-AE68-CCCF7B78B6B6}
2011-06-28 22:44 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 22:44 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-06-28 22:44 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-06-28 22:44 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-06-28 22:44 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-06-26 09:21 . 2011-06-28 21:24 -------- d-----w- c:\users\CZechBoY\AppData\Local\{D3192511-C8E2-4AA1-9223-26F0AFCAED0F}
2011-06-25 23:35 . 2011-06-30 22:44 -------- d-----w- c:\users\Server\AppData\Local\temp
2011-06-25 21:21 . 2011-06-25 21:21 -------- d-----w- c:\users\CZechBoY\AppData\Local\{3C70FB89-BFEB-40AC-B03D-A8FDD4B8007B}
2011-06-25 09:20 . 2011-06-25 09:20 -------- d-----w- c:\users\CZechBoY\AppData\Local\{74B38FE6-49BD-4061-AEBC-8599F4DBE2E1}
2011-06-24 21:19 . 2011-06-24 21:20 -------- d-----w- c:\users\CZechBoY\AppData\Local\{B8D65359-CE8A-4092-950E-D6DDFA07B6F8}
2011-06-24 13:05 . 2011-06-24 13:05 144688 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-06-24 09:18 . 2011-06-24 09:19 -------- d-----w- c:\users\CZechBoY\AppData\Local\{19A1D647-D7E4-4291-AC3D-21D572AFCC15}
2011-06-23 21:17 . 2011-06-23 21:18 -------- d-----w- c:\users\CZechBoY\AppData\Local\{573B1DC2-F347-4C63-96B6-52F56C35C018}
2011-06-23 09:15 . 2011-06-23 09:16 -------- d-----w- c:\users\CZechBoY\AppData\Local\{ABE28245-25F4-45A1-A5DB-EEDB66B43350}
2011-06-22 21:14 . 2011-06-22 21:15 -------- d-----w- c:\users\CZechBoY\AppData\Local\{D1A5AC0B-4093-4D11-A011-C8C037F9A093}
2011-06-22 14:31 . 2011-06-22 14:31 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-06-22 14:31 . 2009-04-30 23:02 559640 ----a-w- c:\windows\system32\LVUIRC64.dll
2011-06-22 14:31 . 2009-04-30 23:02 539160 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2011-06-22 14:31 . 2009-04-30 23:02 764952 ----a-w- c:\windows\system32\LVUI64.dll
2011-06-22 14:31 . 2011-06-22 14:31 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-06-22 14:31 . 2009-04-30 23:02 539160 ----a-w- c:\windows\SysWow64\LVUI2.dll
2011-06-22 14:31 . 2009-04-30 22:57 266776 ----a-w- c:\windows\system32\lvco1201278.dll
2011-06-22 14:31 . 2009-04-30 22:57 398360 ----a-w- c:\windows\system32\lvcod64.dll
2011-06-22 14:31 . 2009-04-30 22:57 416280 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2011-06-22 14:31 . 2009-04-30 22:56 588952 ----a-w- c:\windows\system32\drivers\LV561V64.sys
2011-06-22 09:57 . 2011-06-22 09:58 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\Seeing Machines
2011-06-22 09:57 . 2011-06-22 09:57 -------- d-----w- c:\programdata\Seeing Machines
2011-06-22 09:57 . 2011-06-22 09:57 -------- d-----w- c:\windows\Downloaded Installations
2011-06-22 09:44 . 2011-06-22 09:44 -------- d-----w- c:\windows\system32\appmgmt
2011-06-22 09:14 . 2011-06-22 09:14 -------- d-----w- c:\users\CZechBoY\AppData\Local\{E694112C-C171-453F-A8C1-CCB1993674F7}
2011-06-22 06:20 . 2011-06-22 06:20 -------- d-----w- c:\users\Server\AppData\Roaming\Microsoft FxCop
2011-06-21 21:13 . 2011-06-21 21:14 -------- d-----w- c:\users\CZechBoY\AppData\Local\{98B0C00A-DC8B-4032-B9AE-063F68D0086E}
2011-06-21 09:12 . 2011-06-21 09:13 -------- d-----w- c:\users\CZechBoY\AppData\Local\{ABB37429-B1BD-46DB-B56F-8864AA260F5B}
2011-06-20 21:12 . 2011-06-20 21:12 -------- d-----w- c:\users\CZechBoY\AppData\Local\{F512B8AC-673A-4587-A319-8C96A5182ABD}
2011-06-20 21:05 . 2011-06-20 21:06 -------- d-----w- c:\users\Server\AppData\Roaming\FileZilla
2011-06-20 18:52 . 2011-06-20 18:52 -------- d-----w- c:\users\CZechBoY\AppData\Local\assembly
2011-06-20 18:52 . 2011-06-20 18:52 -------- d-----w- c:\users\CZechBoY\AppData\Local\Apps
2011-06-19 21:09 . 2011-06-20 09:11 -------- d-----w- c:\users\CZechBoY\AppData\Local\{9070C2FF-691D-4B68-9BBA-406A38CBAE1F}
2011-06-16 19:11 . 2011-02-18 21:05 237056 ----a-w- c:\windows\SysWow64\ssleay32.dll
2011-06-16 19:11 . 2011-02-18 21:05 237056 ----a-w- c:\windows\SysWow64\libssl32.dll
2011-06-16 19:11 . 2011-02-18 21:05 1099776 ----a-w- c:\windows\SysWow64\libeay32.dll
2011-06-16 17:41 . 2011-06-16 17:42 -------- d-----w- c:\users\CZechBoY\Cropped
2011-06-16 16:20 . 2011-06-16 17:47 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\Feedreader
2011-06-16 00:06 . 2011-04-23 01:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 10:41 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 10:41 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 10:41 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 10:41 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 10:41 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 10:41 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 10:41 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys
2011-06-15 10:40 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 10:40 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 10:40 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 10:40 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 10:40 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 10:40 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 10:40 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-15 06:00 . 2011-06-15 06:00 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-06-15 05:58 . 2011-06-15 05:58 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-06-15 05:57 . 2011-06-25 17:45 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-06-15 05:56 . 2011-06-25 17:45 -------- d-----w- c:\users\CZechBoY\AppData\Local\Adobe
2011-06-15 01:42 . 2011-06-15 13:45 -------- d-----w- c:\users\CZechBoY\AppData\Local\{A7762C89-7E4D-4087-8B3C-827DB84D6A40}
2011-06-10 13:37 . 2011-06-14 13:42 -------- d-----w- c:\users\CZechBoY\AppData\Local\{4ABF81ED-D28B-423B-8DD6-BB04C2D879F4}
2011-06-07 12:34 . 2011-06-07 13:04 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\MonoDevelop-Unity
2011-06-05 01:10 . 2011-06-10 01:16 -------- d-----w- c:\users\CZechBoY\AppData\Local\{8E1C438C-88C2-4EBC-881F-EFB9A61F7BAD}
2011-06-03 23:42 . 2011-06-03 23:42 -------- d-----w- c:\users\Server\AppData\Roaming\PSpad
2011-06-02 15:49 . 2011-06-16 09:01 -------- d--h--w- c:\program files (x86)\Temp
2011-06-02 15:35 . 2011-06-02 15:35 -------- d-----w- c:\program files (x86)\GIGABYTE
2011-06-02 15:24 . 2011-05-16 20:55 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-06-02 15:24 . 2011-05-16 20:55 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-06-02 15:24 . 2011-05-16 20:55 533096 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-06-02 15:24 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difxa471.rra
2011-06-02 15:23 . 2011-06-02 15:24 -------- d-----w- c:\windows\RaidTool
2011-06-02 15:22 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-06-02 15:22 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-06-02 15:22 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-06-02 15:22 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-06-02 15:22 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-06-02 15:22 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-06-02 15:22 . 2011-06-02 15:22 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-06-02 15:22 . 2011-06-02 15:22 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-06-02 15:18 . 2011-06-02 15:18 -------- d-----w- C:\Intel
2011-06-02 01:01 . 2011-06-04 13:09 -------- d-----w- c:\users\CZechBoY\AppData\Local\{1E76BFC6-3507-4E0F-8E69-9AB69C27DB9C}
2011-06-01 12:59 . 2011-06-01 13:01 -------- d-----w- c:\users\CZechBoY\AppData\Local\{CE43784C-FF64-4075-A00D-994FB98E2BAE}
2011-06-01 10:58 . 2011-06-01 10:58 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\Wireshark
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 13:05 . 2011-02-17 16:21 164656 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-06-24 13:04 . 2011-02-17 16:21 320816 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-06-16 00:05 . 2010-10-14 08:57 1835744 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-06-15 05:23 . 2011-05-30 15:30 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-02 15:50 . 2010-10-13 15:33 25640 ----a-w- c:\windows\gdrv.sys
2011-05-29 07:11 . 2010-12-08 15:25 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-12-08 15:25 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-27 15:58 . 2010-10-13 15:33 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-05-04 23:28 . 2011-05-04 23:28 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-05-04 23:27 . 2011-05-04 23:27 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-05-04 05:54 . 2011-05-04 05:56 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-04-20 02:44 . 2011-04-20 02:44 9319936 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 02:30 . 2011-04-20 02:30 22900736 ----a-w- c:\windows\system32\atio6axx.dll
2011-04-20 02:09 . 2011-04-20 02:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 02:09 . 2010-08-26 02:01 676864 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-04-20 02:07 . 2011-03-09 04:55 795648 ----a-w- c:\windows\system32\aticfx64.dll
2011-04-20 02:07 . 2011-04-20 02:07 17693184 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-04-20 02:05 . 2011-03-09 04:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:04 . 2011-04-20 02:04 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 02:04 . 2011-04-20 02:04 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 02:03 . 2011-04-20 02:03 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-04-20 02:02 . 2011-03-09 04:51 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-04-20 02:02 . 2011-04-20 02:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-04-20 02:02 . 2011-04-20 02:02 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 02:02 . 2011-04-20 02:02 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-04-20 02:02 . 2011-04-20 02:02 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-04-20 01:59 . 2010-08-26 01:52 4161536 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-04-20 01:49 . 2011-04-20 01:49 4951552 ----a-w- c:\windows\system32\atidxx64.dll
2011-04-20 01:46 . 2011-04-20 01:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-04-20 01:46 . 2011-04-20 01:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-04-20 01:46 . 2011-04-20 01:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-04-20 01:46 . 2011-04-20 01:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-04-20 01:45 . 2011-04-20 01:45 7768064 ----a-w- c:\windows\system32\aticaldd64.dll
2011-04-20 01:42 . 2011-04-20 01:42 6389760 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-04-20 01:40 . 2011-04-20 01:40 1222656 ----a-w- c:\windows\system32\atiumd6v.dll
2011-04-20 01:40 . 2011-04-20 01:40 1923584 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-04-20 01:40 . 2011-03-09 03:41 3868672 ----a-w- c:\windows\system32\atiumd6a.dll
2011-04-20 01:38 . 2010-08-26 01:33 4286464 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-04-20 01:31 . 2011-03-09 04:24 5440000 ----a-w- c:\windows\system32\atiumd64.dll
2011-04-20 01:30 . 2010-08-26 01:25 4056576 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-04-20 01:27 . 2010-08-26 01:27 58880 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 01:23 . 2011-03-09 04:18 366080 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:23 . 2011-04-20 01:23 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-04-20 01:22 . 2011-04-20 01:22 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-04-20 01:22 . 2011-04-20 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 306176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 01:21 . 2011-04-20 01:21 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-04-20 01:21 . 2010-08-26 01:20 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-04-20 01:21 . 2010-08-26 01:20 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-04-20 01:21 . 2010-08-26 01:19 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-04-20 01:20 . 2011-04-20 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-04-19 20:10 . 2011-04-19 20:10 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-04-19 20:10 . 2011-04-19 20:10 16116224 ----a-w- c:\windows\system32\amdocl64.dll
2011-04-15 14:00 . 2010-10-13 15:33 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 06:58 . 2011-05-19 01:56 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:45 . 2011-05-11 03:52 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 03:52 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 03:52 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 01:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-04-08 18:36 . 2011-04-08 18:36 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-06 18:40 . 2010-11-06 20:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:26 . 2011-04-06 14:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\CZechBoY\AppData\Local\{033F3706-A854-41BF-9980-9D5321C31B11} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{0C9E0FB0-6802-4B92-871B-F45163EB0D46} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{19A1D647-D7E4-4291-AC3D-21D572AFCC15} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{1E76BFC6-3507-4E0F-8E69-9AB69C27DB9C} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{1FC90F19-9FC7-4084-AD7B-A3A595276F69} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{21EF22DC-E35F-498C-B748-F1568215C76D} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{3C70FB89-BFEB-40AC-B03D-A8FDD4B8007B} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{4ABF81ED-D28B-423B-8DD6-BB04C2D879F4} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{573B1DC2-F347-4C63-96B6-52F56C35C018} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{578811DB-84FA-4D6A-B160-BF466DF41B02} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{74B38FE6-49BD-4061-AEBC-8599F4DBE2E1} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{8E1C438C-88C2-4EBC-881F-EFB9A61F7BAD} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{9070C2FF-691D-4B68-9BBA-406A38CBAE1F} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{98B0C00A-DC8B-4032-B9AE-063F68D0086E} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{A7762C89-7E4D-4087-8B3C-827DB84D6A40} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{ABB37429-B1BD-46DB-B56F-8864AA260F5B} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{ABE28245-25F4-45A1-A5DB-EEDB66B43350} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{B8D65359-CE8A-4092-950E-D6DDFA07B6F8} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{BE9D9D6E-B892-4C70-88F1-4B7B1A79139C} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{BFCF3F7A-3EDB-47B6-90F7-B9FC7CE84C03} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{CE43784C-FF64-4075-A00D-994FB98E2BAE} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{D1A5AC0B-4093-4D11-A011-C8C037F9A093} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{DF295844-5F97-4807-B684-25A53EF746BF} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{E694112C-C171-453F-A8C1-CCB1993674F7} ----
.
.
---- Directory of c:\users\CZechBoY\AppData\Local\{F512B8AC-673A-4587-A319-8C96A5182ABD} ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-25_23.34.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-06-30 22:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-06-25 23:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-06-25 23:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-30 22:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-25 23:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-30 22:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-27 08:59 . 2011-06-30 10:35 86672 c:\windows\system32\perfh009.dat
- 2011-03-27 08:59 . 2011-06-19 13:19 86672 c:\windows\system32\perfh009.dat
+ 2011-03-27 08:59 . 2011-06-30 10:35 95992 c:\windows\system32\perfh005.dat
- 2011-03-27 08:59 . 2011-06-19 13:19 95992 c:\windows\system32\perfh005.dat
- 2011-03-27 08:59 . 2011-06-19 13:19 33834 c:\windows\system32\perfc009.dat
+ 2011-03-27 08:59 . 2011-06-30 10:35 33834 c:\windows\system32\perfc009.dat
- 2011-03-27 08:59 . 2011-06-19 13:19 41830 c:\windows\system32\perfc005.dat
+ 2011-03-27 08:59 . 2011-06-30 10:35 41830 c:\windows\system32\perfc005.dat
+ 2011-06-30 22:41 . 2011-06-24 13:05 44848 c:\windows\system32\DRVSTORE\VBoxUSBMon_498D2EF20FFF794A84774FB7DB1DA81547B660D2\VBoxUSBMon.sys
+ 2009-07-14 05:30 . 2011-06-30 22:41 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-06-22 14:31 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-06-24 13:05 . 2011-06-24 13:05 46384 c:\windows\system32\DriverStore\FileRepository\vboxusb.inf_amd64_neutral_f101f58e96cd15d1\VBoxUSB.sys
+ 2011-03-21 19:37 . 2010-06-17 13:23 98120 c:\windows\system32\DriverStore\FileRepository\avfwim.inf_amd64_neutral_f877973f02c1fc73\avfwim.sys
- 2011-03-21 19:37 . 2011-03-04 12:45 83120 c:\windows\system32\drivers\avgntflt.sys
+ 2011-03-21 19:37 . 2011-01-26 14:10 83120 c:\windows\system32\drivers\avgntflt.sys
+ 2010-10-22 19:35 . 2011-06-30 22:45 74216 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-03-25 20:41 . 2011-04-01 04:22 8192 c:\windows\system32\Microsoft\Protect\Recovery\Recovery.dat
+ 2011-03-25 20:41 . 2011-06-30 14:24 8192 c:\windows\system32\Microsoft\Protect\Recovery\Recovery.dat
+ 2011-06-30 22:46 . 2011-06-30 22:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-06-16 08:59 . 2011-06-19 13:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-30 22:41 . 2011-06-24 13:04 219440 c:\windows\system32\DRVSTORE\VBoxDrv_80254056B50605C20974A37757BDA88B9A253032\VBoxDrv.sys
+ 2009-07-14 05:30 . 2011-06-30 22:41 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-06-22 14:31 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-06-30 22:41 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-06-24 13:04 . 2011-06-24 13:04 320816 c:\windows\system32\DriverStore\FileRepository\vboxnetflt.inf_amd64_neutral_d3d6ec1212e492a2\VBoxNetFltNotify.dll
+ 2011-06-24 13:05 . 2011-06-24 13:05 164656 c:\windows\system32\DriverStore\FileRepository\vboxnetflt.inf_amd64_neutral_d3d6ec1212e492a2\VBoxNetFlt.sys
+ 2011-06-24 13:05 . 2011-06-24 13:05 144688 c:\windows\system32\DriverStore\FileRepository\vboxnetadp.inf_amd64_neutral_fd18f8027ed60e50\VBoxNetAdp.sys
- 2011-03-21 19:37 . 2011-03-04 12:45 116568 c:\windows\system32\drivers\avipbb.sys
+ 2011-03-21 19:37 . 2011-01-26 14:10 116568 c:\windows\system32\drivers\avipbb.sys
+ 2011-03-21 19:37 . 2010-11-30 17:03 126792 c:\windows\system32\drivers\avfwot.sys
- 2009-07-14 05:01 . 2011-06-16 00:08 417676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-06-30 22:45 417676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-04 17:42 . 2011-06-30 22:45 968564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1913805740-196726431-4255557853-1007-8192.dat
- 2011-06-04 17:42 . 2011-06-15 01:15 968564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1913805740-196726431-4255557853-1007-8192.dat
+ 2009-07-14 04:45 . 2011-06-29 01:17 4410075 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-06-16 09:00 4410075 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-12-24 02:32 . 2011-06-16 00:08 1297160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-12-24 02:32 . 2011-06-30 22:45 1297160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-24 07:14 . 2011-06-25 23:39 1799656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1913805740-196726431-4255557853-1001-4096.dat
- 2011-03-24 07:14 . 2011-06-04 17:42 1799656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1913805740-196726431-4255557853-1001-4096.dat
+ 2010-10-13 18:13 . 2011-06-30 22:45 2143476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1913805740-196726431-4255557853-1001-12288.dat
- 2009-07-14 02:34 . 2011-06-25 08:50 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-06-30 09:50 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-02-07 21:07 . 2011-06-30 22:45 10070896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1913805740-196726431-4255557853-1001-8192.dat
+ 2011-06-30 22:40 . 2011-06-30 22:40 21959168 c:\windows\Installer\29efbec.msi
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"uTorrent"="f:\programy(x86)\uTorrent\uTorrent.exe" [2011-04-07 399736]
"Infium"="f:\programy(x86)\QIP Infium\infium.exe" [2011-05-11 6848384]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avgnt.exe" [2011-01-26 281768]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"StartCCC"="f:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"avgnt"="f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper"="f:\programy(x86)\iTunes\iTunesHelper.exe"
"LogMeIn Hamachi Ui"="f:\programy(x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 CEDRIVER55;CEDRIVER55;e:\cheat engine\dbk64.sys [2010-06-25 40504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RivaTuner64;RivaTuner64;f:\programy(x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-05-25 19952]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;f:\programy(x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WMSVC;Služba webové správy;c:\windows\system32\inetsrv\wmsvc.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;f:\programy(x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
R4 MBAMService;MBAMService;f:\programy(x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-11-30 126792]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirFirewallService;Avira FireWall;f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avfwsvc.exe [2010-11-30 539304]
S2 AntiVirMailService;Avira AntiVir MailGuard;f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avmailc.exe [2011-01-26 339624]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\sched.exe [2011-01-26 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-01-28 420520]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-01-25 3136328]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;f:\programy(x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-03-30 2026304]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;f:\programy(x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - VBOXDRV
*NewlyCreated* - VBOXUSBMON
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 4012360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-31 11855976]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uLocal Page = c:\windows\system32\blank.htm
IE: Download with GetRight - f:\programy(x86)\GetRight\GRdownload.htm
IE: E&xportovat do aplikace Microsoft Excel - f:\programy\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with GetRight Browser - f:\programy(x86)\GetRight\GRbrowse.htm
IE: Subscribe in Desktop Sidebar - f:\programy(x86)\Desktop Sidebar\sbhelp.dll/menuhandler.html
LSP: f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{2038154B-2980-46B6-B116-3AA4AF93D7AF}: NameServer = 10.0.0.100,10.0.0.200
TCP: Interfaces\{5E509714-6D82-46A5-88A5-B2A714A244E0}: NameServer = 10.0.0.100,10.0.0.200
FF - ProfilePath - c:\users\CZechBoY\AppData\Roaming\Mozilla\Firefox\Profiles\s4n70o8v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programy(x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - f:\programy(x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Check4Change: check4change-owner@mozdev.org - %profile%\extensions\check4change-owner@mozdev.org
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Jiné spuštené procesy ------------------------
.
f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\Windows Live\Contacts\wlcomm.exe
c:\users\CZechBoY\Desktop\new server\ChmatTools NPC.exe
c:\users\CZechBoY\Desktop\new server\Chmat Tools [SharpPcap] Kontrola IP při loginu(parametr).exe
f:\programy(x86)\Winamp\winamp.exe
f:\programy(x86)\Avira Premium Security Suite\Avira\AntiVir Desktop\usrreq.exe
.
**************************************************************************
.
Celkový čas: 2011-07-01 00:48:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-30 22:48
ComboFix2.txt 2011-06-25 23:35
.
Před spuštěním: Volných bajtů: 10 182 275 072
Po spuštění: Volných bajtů: 10 144 681 984
.
- - End Of File - - 1206D771F5437E04A2091F70572E53AE
And apparently there's some new version, but I chose that I want the old limited one, or whatever it said :)
PHP, Nette, MySQL, C#, TypeScript, Python
IntelliJ Idea, Docker, Opera browser, Linux Mint
iPhone XS
Raspberry PI 3 (KODI, Raspbian)
XBox One S, PS 4, nVidia GeForce NOW
- Žbeky
- Moderator
Re: [HJT] Preventive check
Still waiting on that VirusTotal one
In private messages I only deal with matters concerning the forum. I do not respond to requests and pleas for technical support. Thanks for understanding.