Programs freezing + slow PC startup/shutdown



Post by Imas » 08 Apr 2012 12:28

More details in the section Hardware problems - Programs freezing + slow PC startup/shutdown

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:21:07, on 8.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Zombie\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=6826
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Vizuální záložky - {C93F72A2-2162-4BBA-A07A-F13663C297A6} - C:\Program Files (x86)\Yandex\YandexBarIE\fastdial.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yandex.Bar - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files (x86)\Yandex\YandexBarIE\yndbar.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1607270210-766523-4270997960-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1607270210-766523-4270997960-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: FreeRapid 0.86u1.lnk = C:\Users\Zombie\Desktop\tom\FreeRapid-0.86u1\frd.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9766093C-44CF-4EB1-B0EC-455A8A6279F5}: NameServer = 82.114.192.15,82.114.192.6
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 10937 bytes


Post by Damned » 08 Apr 2012 12:47

Do you have ESET turned off or on?


Post by Imas » 08 Apr 2012 14:27

It should be turned off.


Post by Damned » 08 Apr 2012 15:56

And why are you turning off your antivirus?
Uninstall Spybot and Yandex Bar (toolbar).

Run HJT (HijackThis), close your browsers, disconnect from the internet and fix these entries (run HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Vizuální záložky - {C93F72A2-2162-4BBA-A07A-F13663C297A6} - C:\Program Files (x86)\Yandex\YandexBarIE\fastdial.dll
O3 - Toolbar: Yandex.Bar - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files (x86)\Yandex\YandexBarIE\yndbar.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DriverScanner] "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - Startup: FreeRapid 0.86u1.lnk = C:\Users\Zombie\Desktop\tom\FreeRapid-0.86u1\frd.exe
*****
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/ticked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button.
- if an update is found, it will be downloaded and installed; then click OK to start the program
- leave the Quick scan option selected and click the Scan button

If a problem is found:
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Log and save the log to the Desktop
- then click the Exit button; a message will appear, choose Yes
- copy the resulting log here
(do not delete anything yet!).

If no problem is found:
- click the "OK" button and let me know


Post by Imas » 08 Apr 2012 20:34

No problem was found.


Post by Žbeky » 08 Apr 2012 20:36

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If, after the scan, there is a problem launching applications or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, just restart the computer.


Post by Imas » 08 Apr 2012 21:10

ComboFix 12-04-08.01 - Zombie 08.04.2012 21:00:58.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8175.6564 [GMT 2:00]
Spuštěný z: c:\users\Zombie\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\TNod User & Password Finder\TNODUP.exe
c:\programdata\ntuser.dat
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-08 do 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 19:03 . 2012-04-08 19:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-08 19:03 . 2012-04-08 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-08 18:30 . 2012-04-08 18:30 -------- d-----w- c:\users\Zombie\AppData\Roaming\Malwarebytes
2012-04-08 18:30 . 2012-04-08 18:30 -------- d-----w- c:\programdata\Malwarebytes
2012-04-08 18:30 . 2012-04-08 18:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-08 18:30 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-06 07:57 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61E08C3F-807F-418F-A6E5-E1E615464629}\mpengine.dll
2012-03-30 12:12 . 2012-03-30 12:12 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-03-30 12:12 . 2012-03-30 12:12 676968 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-03-30 12:12 . 2012-03-30 12:12 107624 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-03-29 17:06 . 2012-04-01 17:14 -------- d-----w- c:\program files (x86)\Sega
2012-03-23 16:25 . 2012-03-23 16:25 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-03-23 16:05 . 2012-03-23 16:05 592784 ----a-w- c:\windows\system32\itpcoin80.dll
2012-03-23 15:08 . 2012-03-23 15:08 -------- d-----w- c:\programdata\Uniblue
2012-03-23 15:07 . 2012-03-23 15:07 -------- d-----w- c:\users\Zombie\AppData\Roaming\Uniblue
2012-03-23 15:07 . 2012-03-23 15:07 -------- d-----w- c:\program files (x86)\Uniblue
2012-03-23 15:01 . 2012-03-23 15:21 -------- d-----w- c:\program files\HWiNFO64
2012-03-14 12:19 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 12:19 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 12:19 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 10:58 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 10:57 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 10:57 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 10:50 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 10:50 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 10:50 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 10:43 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 10:43 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 10:43 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 10:43 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 10:43 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 18:50 . 2012-03-12 18:50 -------- d-----w- c:\program files (x86)\1C
2012-03-10 21:06 . 2012-03-10 21:06 -------- d-----w- c:\program files (x86)\HD Tune
2012-03-10 19:49 . 2012-03-10 19:49 -------- d-----w- c:\users\Zombie\AppData\Roaming\HD Tune Pro
2012-03-10 19:47 . 2012-03-10 21:04 -------- d-----w- c:\program files (x86)\HD Tune Pro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 19:05 . 2012-01-27 19:34 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-04-08 19:04 . 2012-01-27 19:24 25640 ----a-w- c:\windows\gdrv.sys
2012-02-23 07:18 . 2012-01-27 20:11 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 09:39 . 2012-01-27 20:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-28 11:51 . 2012-01-28 11:51 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-01-27 22:17 . 2012-01-27 22:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-27 21:51 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-27 21:51 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-27 20:41 . 2012-01-27 20:41 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-27 20:41 . 2012-01-27 20:41 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-27 20:41 . 2012-01-27 20:41 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-27 20:41 . 2012-01-27 20:41 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-27 20:41 . 2012-01-27 20:41 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-27 20:41 . 2012-01-27 20:41 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-27 20:41 . 2012-01-27 20:41 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-27 20:41 . 2012-01-27 20:41 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-27 20:41 . 2012-01-27 20:41 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-27 20:41 . 2012-01-27 20:41 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-27 20:41 . 2012-01-27 20:41 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-27 20:41 . 2012-01-27 20:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-27 20:41 . 2012-01-27 20:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-27 20:41 . 2012-01-27 20:41 448512 ----a-w- c:\windows\system32\html.iec
2012-01-27 20:41 . 2012-01-27 20:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-27 20:41 . 2012-01-27 20:41 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-27 20:41 . 2012-01-27 20:41 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-27 20:41 . 2012-01-27 20:41 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-27 20:41 . 2012-01-27 20:41 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-27 20:41 . 2012-01-27 20:41 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-27 20:41 . 2012-01-27 20:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-27 20:41 . 2012-01-27 20:41 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-27 20:41 . 2012-01-27 20:41 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-27 20:41 . 2012-01-27 20:41 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-27 20:41 . 2012-01-27 20:41 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-27 20:41 . 2012-01-27 20:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-27 20:41 . 2012-01-27 20:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-27 20:41 . 2012-01-27 20:41 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-27 20:41 . 2012-01-27 20:41 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-27 20:41 . 2012-01-27 20:41 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-27 20:41 . 2012-01-27 20:41 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-27 20:41 . 2012-01-27 20:41 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-27 20:41 . 2012-01-27 20:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-27 20:41 . 2012-01-27 20:41 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-27 20:17 . 2012-01-27 20:17 25640 ----a-w- c:\windows\etdrv.sys
2012-01-24 13:18 . 2012-01-24 13:18 4794880 ----a-w- c:\windows\SysWow64\x264vfw.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-03-04 165776]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-03-02 338808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-03-04 776064]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-01-27 25640]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS [2012-02-07 30592]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-04-08 30528]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-12 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-03-03 11:13]
.
2012-04-08 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-03-23 13:41]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/?clid=6826
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: Interfaces\{9766093C-44CF-4EB1-B0EC-455A8A6279F5}: NameServer = 82.114.192.15,82.114.192.6
FF - ProfilePath - c:\users\Zombie\AppData\Roaming\Mozilla\Firefox\Profiles\p64t8y1z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-TNOD UP - c:\program files (x86)\TNod User & Password Finder\TNODUP.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1607270210-766523-4270997960-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:35,cd,0e,81,a8,71,25,c1,d5,84,fe,fe,8c,14,f6,90,27,46,c4,86,0d,91,5b,
1a,8e,d8,90,fa,b8,23,56,d8,aa,d9,fe,5d,5f,45,7d,d1,88,84,93,f3,a9,39,e6,04,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38
.
[HKEY_USERS\S-1-5-21-1607270210-766523-4270997960-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:bc,85,c3,e9,9e,ff,9f,b6,13,09,48,fa,84,d6,5e,bf,1e,9b,38,f7,cf,
df,98,4c,dd,7b,b3,0b,4e,d8,e0,9f,45,10,bf,50,bc,66,62,2b,52,f1,fd,41,2c,c3,\
"rkeysecu"=hex:8d,6c,ca,eb,48,9e,45,88,8a,d3,f9,b6,61,6f,08,21
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\GIGABYTE\ET6\GUI.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2012-04-08 21:08:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-08 19:08
.
Před spuštěním: Volných bajtů: 825 181 265 920
Po spuštění: Volných bajtů: 824 664 010 752
.
- - End Of File - - 1F57103B703E67F135744EDAF61E15BE

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status:
Offline

Re: Programs freezing + slow PC startup/shutdown

Post by Žbeky » 08 Apr 2012 22:04

Uninstall the cracked ESET along with TNod and post a new CF log.
In private messages I deal only with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.


Imas
Level 1
Posts: 66
Registered: November 11
Gender: Male
Status:
Offline

Re: Programs freezing + slow PC startup/shutdown

Post by Imas » 08 Apr 2012 22:25

ComboFix 12-04-08.01 - Zombie 08.04.2012 22:14:01.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8175.6985 [GMT 2:00]
Spuštěný z: c:\users\Zombie\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-08 do 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 20:18 . 2012-04-08 20:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-08 20:18 . 2012-04-08 20:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-08 18:30 . 2012-04-08 18:30 -------- d-----w- c:\users\Zombie\AppData\Roaming\Malwarebytes
2012-04-08 18:30 . 2012-04-08 18:30 -------- d-----w- c:\programdata\Malwarebytes
2012-04-08 18:30 . 2012-04-08 18:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-08 18:30 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-06 07:57 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61E08C3F-807F-418F-A6E5-E1E615464629}\mpengine.dll
2012-03-30 12:12 . 2012-03-30 12:12 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-03-30 12:12 . 2012-03-30 12:12 676968 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-03-30 12:12 . 2012-03-30 12:12 107624 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-03-29 17:06 . 2012-04-01 17:14 -------- d-----w- c:\program files (x86)\Sega
2012-03-23 16:25 . 2012-03-23 16:25 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-03-23 16:05 . 2012-03-23 16:05 592784 ----a-w- c:\windows\system32\itpcoin80.dll
2012-03-23 15:08 . 2012-03-23 15:08 -------- d-----w- c:\programdata\Uniblue
2012-03-23 15:07 . 2012-03-23 15:07 -------- d-----w- c:\users\Zombie\AppData\Roaming\Uniblue
2012-03-23 15:07 . 2012-03-23 15:07 -------- d-----w- c:\program files (x86)\Uniblue
2012-03-23 15:01 . 2012-03-23 15:21 -------- d-----w- c:\program files\HWiNFO64
2012-03-14 12:19 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 12:19 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 12:19 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 10:58 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 10:57 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 10:57 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 10:50 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 10:50 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 10:50 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 10:43 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 10:43 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 10:43 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 10:43 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 10:43 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 18:50 . 2012-03-12 18:50 -------- d-----w- c:\program files (x86)\1C
2012-03-10 21:06 . 2012-03-10 21:06 -------- d-----w- c:\program files (x86)\HD Tune
2012-03-10 19:49 . 2012-03-10 19:49 -------- d-----w- c:\users\Zombie\AppData\Roaming\HD Tune Pro
2012-03-10 19:47 . 2012-03-10 21:04 -------- d-----w- c:\program files (x86)\HD Tune Pro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 20:12 . 2012-01-27 19:34 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-04-08 20:11 . 2012-01-27 19:24 25640 ----a-w- c:\windows\gdrv.sys
2012-02-23 07:18 . 2012-01-27 20:11 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 09:39 . 2012-01-27 20:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-28 11:51 . 2012-01-28 11:51 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-01-27 22:17 . 2012-01-27 22:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-27 21:51 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-27 21:51 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-27 20:41 . 2012-01-27 20:41 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-27 20:41 . 2012-01-27 20:41 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-27 20:41 . 2012-01-27 20:41 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-27 20:41 . 2012-01-27 20:41 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-27 20:41 . 2012-01-27 20:41 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-27 20:41 . 2012-01-27 20:41 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-27 20:41 . 2012-01-27 20:41 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-27 20:41 . 2012-01-27 20:41 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-27 20:41 . 2012-01-27 20:41 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-27 20:41 . 2012-01-27 20:41 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-27 20:41 . 2012-01-27 20:41 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-27 20:41 . 2012-01-27 20:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-27 20:41 . 2012-01-27 20:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-27 20:41 . 2012-01-27 20:41 448512 ----a-w- c:\windows\system32\html.iec
2012-01-27 20:41 . 2012-01-27 20:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-27 20:41 . 2012-01-27 20:41 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-27 20:41 . 2012-01-27 20:41 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-27 20:41 . 2012-01-27 20:41 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-27 20:41 . 2012-01-27 20:41 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-27 20:41 . 2012-01-27 20:41 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-27 20:41 . 2012-01-27 20:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-27 20:41 . 2012-01-27 20:41 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-27 20:41 . 2012-01-27 20:41 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-27 20:41 . 2012-01-27 20:41 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-27 20:41 . 2012-01-27 20:41 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-27 20:41 . 2012-01-27 20:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-27 20:41 . 2012-01-27 20:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-27 20:41 . 2012-01-27 20:41 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-27 20:41 . 2012-01-27 20:41 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-27 20:41 . 2012-01-27 20:41 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-27 20:41 . 2012-01-27 20:41 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-27 20:41 . 2012-01-27 20:41 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-27 20:41 . 2012-01-27 20:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-27 20:41 . 2012-01-27 20:41 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-27 20:17 . 2012-01-27 20:17 25640 ----a-w- c:\windows\etdrv.sys
2012-01-24 13:18 . 2012-01-24 13:18 4794880 ----a-w- c:\windows\SysWow64\x264vfw.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-08_19.04.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-27 19:36 . 2012-04-08 20:13 31726 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-08 20:13 28868 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-27 19:09 . 2012-04-08 20:13 10762 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1607270210-766523-4270997960-1000_UserData.bin
+ 2009-07-14 05:30 . 2012-04-08 20:09 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-03-30 12:14 86016 c:\windows\system32\DriverStore\infpub.dat
- 2012-04-08 19:04 . 2012-04-08 19:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-08 20:18 . 2012-04-08 20:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:30 . 2012-04-08 20:09 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-03-30 12:14 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-03-30 12:13 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-04-08 20:09 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2012-04-08 19:03 390616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-08 20:18 390616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-03-04 165776]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-03-02 338808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-03-04 776064]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-01-27 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-04-08 30528]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS [2012-02-07 30592]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-12 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-03-03 11:13]
.
2012-04-08 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-03-23 13:41]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/?clid=6826
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: Interfaces\{9766093C-44CF-4EB1-B0EC-455A8A6279F5}: NameServer = 82.114.192.15,82.114.192.6
FF - ProfilePath - c:\users\Zombie\AppData\Roaming\Mozilla\Firefox\Profiles\p64t8y1z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1607270210-766523-4270997960-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:35,cd,0e,81,a8,71,25,c1,d5,84,fe,fe,8c,14,f6,90,27,46,c4,86,0d,91,5b,
1a,8e,d8,90,fa,b8,23,56,d8,aa,d9,fe,5d,5f,45,7d,d1,88,84,93,f3,a9,39,e6,04,\
"??"=hex:9d,6d,62,c7,7e,94,d3,01,62,72,da,46,cb,d1,2f,38
.
[HKEY_USERS\S-1-5-21-1607270210-766523-4270997960-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:bc,85,c3,e9,9e,ff,9f,b6,13,09,48,fa,84,d6,5e,bf,1e,9b,38,f7,cf,
df,98,4c,dd,7b,b3,0b,4e,d8,e0,9f,45,10,bf,50,bc,66,62,2b,52,f1,fd,41,2c,c3,\
"rkeysecu"=hex:8d,6c,ca,eb,48,9e,45,88,8a,d3,f9,b6,61,6f,08,21
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2012-04-08 22:21:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-08 20:21
ComboFix2.txt 2012-04-08 19:08
.
Před spuštěním: Volných bajtů: 825 044 766 720
Po spuštění: Volných bajtů: 824 920 694 784
.
- - End Of File - - 506CDAD09A937031027C2ABB57DE2C08

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: Programs freezing + slow PC startup/shutdown

Post by jaro3 » 08 Apr 2012 22:55

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner
and also use T-Cleaner;
it deletes everything left behind by Combo, MWAV etc. - download > run

Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate your antivirus and antispyware; afterwards delete T-Cleaner and turn your antivirus and antispyware back on.


c:\program files (x86)\1C --- do you know that program??

Download CrystalDiskInfo
Run the program and click Úpravy - Kopírovat (Edit - Copy). Then paste the contents of the log here with Ctrl+V.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Imas
Level 1
Posts: 66
Registered: November 11
Gender: Male
Status:
Offline

Re: Programs freezing + slow PC startup/shutdown

Post by Imas » 11 Apr 2012 15:40

----------------------------------------------------------------------------
CrystalDiskInfo 4.2.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Ultimate Edition SP1 [6.1 Build 7601] (x64)
Date : 2012/04/11 15:38:40

-- Controller Map ----------------------------------------------------------
+ ATA Channel 0 (0) [ATA]
- HL-DT-ST DVDRAM GH20LS10 ATA Device
- ATA Channel 1 (1) [ATA]
- ATA Channel 0 (0) [ATA]
+ ATA Channel 1 (1) [ATA]
- SAMSUNG HD103SJ ATA Device
+ Intel(R) 6 Series/C200 Series Chipset Family 4 port Serial ATA Storage Controller - 1C00 [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ Intel(R) 6 Series/C200 Series Chipset Family 2 port Serial ATA Storage Controller - 1C08 [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)

-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HD103SJ : 1000.2 GB [0-3-0, pd1]

----------------------------------------------------------------------------
(1) SAMSUNG HD103SJ
----------------------------------------------------------------------------
Model : SAMSUNG HD103SJ
Firmware : 1AJ10001
Serial Number : S246JX0BB00135
Disk Size : 1000.2 GB (8.4/137.4/1000.2)
Buffer Size : 32767 KB
Queue Depth : 32
# of Sectors : 1953525168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : SATA/300
Power On Hours : 555 hod.
Power On Count : 133 krát
Temparature : 29 C (84 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : FE00h [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000000 Počet chyb čtení
02 252 252 __0 000000000000 Průchodnost disku
03 _70 _60 _25 000000002495 Čas na roztočení ploten
04 100 100 __0 000000000088 Počet spuštění/zastavení
05 252 252 _10 000000000000 Počet přemapovaných sektorů
07 252 252 _51 000000000000 Počet chybných hledání
08 252 252 _15 000000000000 Čas potřebný na vyhledání
09 100 100 __0 00000000022B Hodin v činnosti
0A 252 252 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 252 252 __0 000000000000 Počet pokusů o překalibrování
0C 100 100 __0 000000000085 Počet cyklů zapnutí zařízení
BF 252 252 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 252 252 __0 000000000000 Počet vypnutí disku
C2 _64 _61 __0 00280014001D Teplota
C3 100 100 __0 000000000000 Počet oprav chybného čtení
C4 252 252 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 252 252 __0 000000000000 Počet podezřelých sektorů
C6 252 252 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 __1 __1 __0 00000007B813 Počet chyb při zápisu sektorů
DF 252 252 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony
E1 100 100 __0 000000000089 Počet cyklů načítání/vymazání

-- IDENTIFY_DEVICE ---------------------------------------------------------

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: Programs freezing + slow PC startup/shutdown

Post by jaro3 » 11 Apr 2012 19:02

Download TDSSKiller

to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt; please paste the entire contents of the log here.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

